{"id":2050,"name":"file-type","ecosystem":"npm","repository_url":"https://github.com/sindresorhus/file-type","issues_count":740,"created_at":"2025-06-06T15:01:56.252Z","updated_at":"2025-06-06T15:01:56.252Z","purl":"pkg:npm/file-type","metadata":{"id":1716615,"name":"file-type","ecosystem":"npm","description":"Detect the file type of a file, stream, or data","homepage":"https://github.com/sindresorhus/file-type#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/sindresorhus/file-type","keywords_array":["mime","file","type","magic","archive","image","img","pic","picture","flash","photo","video","detect","check","is","exif","elf","macho","exe","binary","buffer","uint8array","jpg","png","apng","gif","webp","flif","xcf","cr2","cr3","orf","arw","dng","nef","rw2","raf","tif","bmp","icns","jxr","psd","indd","zip","tar","rar","gz","bz2","7z","dmg","mp4","mid","mkv","webm","mov","avi","mpg","mp2","mp3","m4a","ogg","opus","flac","wav","amr","pdf","epub","mobi","swf","rtf","woff","woff2","eot","ttf","otf","ttc","ico","flv","ps","xz","sqlite","xpi","cab","deb","ar","rpm","Z","lz","cfb","mxf","mts","wasm","webassembly","blend","bpg","docx","pptx","xlsx","3gp","j2c","jp2","jpm","jpx","mj2","aif","odt","ods","odp","xml","heic","ics","glb","pcap","dsf","lnk","alias","voc","ac3","3g2","m4b","m4p","m4v","f4a","f4b","f4p","f4v","mie","qcp","asf","ogv","ogm","oga","spx","ogx","ape","wv","cur","nes","crx","ktx","dcm","mpc","arrow","shp","aac","mp1","it","s3m","xm","skp","avif","eps","lzh","pgp","asar","stl","chm","3mf","zst","jxl","vcf","jls","pst","dwg","parquet","class","arj","cpio","ace","avro","icc","fbx","vsdx","vtt","apk","drc","lz4","potx","xltx","dotx","xltm","ots","odg","otg","otp","ott","xlsm","docm","dotm","potm","pptm","jar","rm","ppsm","ppsx"],"namespace":null,"versions_count":159,"first_release_published_at":"2014-04-24T11:06:04.434Z","latest_release_published_at":"2025-05-23T11:52:21.900Z","latest_release_number":"21.0.0","last_synced_at":"2025-06-05T21:30:19.655Z","created_at":"2022-04-09T15:34:35.400Z","updated_at":"2025-06-05T21:30:19.655Z","registry_url":"https://www.npmjs.com/package/file-type","install_command":"npm install file-type","documentation_url":null,"metadata":{"funding":"https://github.com/sindresorhus/file-type?sponsor=1","dist-tags":{"version-16":"16.5.4","latest":"21.0.0"}},"repo_metadata":{"id":16355300,"uuid":"19105307","full_name":"sindresorhus/file-type","owner":"sindresorhus","description":"Detect the file type of a file, stream, or data","archived":false,"fork":false,"pushed_at":"2024-10-13T20:06:39.000Z","size":90502,"stargazers_count":3707,"open_issues_count":19,"forks_count":351,"subscribers_count":29,"default_branch":"main","last_synced_at":"2024-10-29T11:45:17.412Z","etag":null,"topics":["buffer","detect","file","file-types","javascript","magic","magic-numbers","nodejs","uint8array"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sindresorhus.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"license","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/security.md","support":"supported.js","governance":null,"roadmap":null,"authors":null},"funding":{"github":"sindresorhus","open_collective":"sindresorhus","custom":"https://sindresorhus.com/donate"}},"created_at":"2014-04-24T10:58:09.000Z","updated_at":"2024-10-28T12:39:18.000Z","dependencies_parsed_at":"2023-01-16T20:02:19.572Z","dependency_job_id":"c2dbd4cf-a3e9-48f4-b2df-8844b3551657","html_url":"https://github.com/sindresorhus/file-type","commit_stats":{"total_commits":488,"total_committers":113,"mean_commits":4.31858407079646,"dds":0.5204918032786885,"last_synced_commit":"37233b1c9c5c55aab4308f5c1991569dd4e414cc"},"previous_names":[],"tags_count":144,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sindresorhus","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222077326,"owners_count":16927171,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"sindresorhus","name":"Sindre Sorhus","uuid":"170270","kind":"user","description":"Full-Time Open-Sourcerer. Focused on Swift \u0026 JavaScript. Makes macOS apps, CLI tools, npm packages.","email":"","website":"https://sindresorhus.com/apps","location":null,"twitter":"sindresorhus","company":null,"icon_url":"https://avatars.githubusercontent.com/u/170270?u=34acd557a042ac478d273a4621570cadb6b0bd89\u0026v=4","repositories_count":1111,"last_synced_at":"2024-10-29T21:14:09.635Z","metadata":{"has_sponsors_listing":true,"funding":{"github":"sindresorhus","open_collective":"sindresorhus","buy_me_a_coffee":"sindresorhus","custom":"https://sindresorhus.com/donate"}},"html_url":"https://github.com/sindresorhus","funding_links":["https://github.com/sponsors/sindresorhus","https://opencollective.com/sindresorhus","https://buymeacoffee.com/sindresorhus","https://sindresorhus.com/donate"],"total_stars":852379,"followers":69513,"following":31,"created_at":"2022-11-02T16:18:52.881Z","updated_at":"2024-10-29T21:14:09.636Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sindresorhus","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sindresorhus/repositories"},"tags":[{"name":"v19.0.0","sha":"37233b1c9c5c55aab4308f5c1991569dd4e414cc","kind":"tag","published_at":"2024-01-07T15:48:33.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v19.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v19.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v19.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v19.0.0/manifests"},{"name":"v18.7.0","sha":"700cf1598bf7661ced25d9e4d8b249c0cdb063cb","kind":"tag","published_at":"2023-11-11T07:33:12.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.7.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.7.0/manifests"},{"name":"v18.6.0","sha":"5c42f8057f056fe41cbe4bffb53f56987d02e909","kind":"tag","published_at":"2023-11-01T07:55:27.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.6.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.6.0/manifests"},{"name":"v18.5.0","sha":"e4204df13bf29383d5664c1d070ba8f7956ded58","kind":"tag","published_at":"2023-06-04T07:52:44.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.5.0/manifests"},{"name":"v18.4.0","sha":"1759382900ae9440182304f48d07e701cda27e92","kind":"tag","published_at":"2023-05-10T10:21:08.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.4.0/manifests"},{"name":"v18.3.0","sha":"1978fc60f03a38a26dac87c72609adb1f3da575a","kind":"tag","published_at":"2023-04-25T05:35:06.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.3.0/manifests"},{"name":"v18.2.1","sha":"9b24116d7b386141978d51c4cc582cee010cc839","kind":"tag","published_at":"2023-02-18T13:24:22.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.2.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.2.1/manifests"},{"name":"v18.2.0","sha":"1c76b4a2c3070d26bed84a8a06a19f8ec4a04c0c","kind":"tag","published_at":"2023-01-15T04:33:13.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.2.0/manifests"},{"name":"v18.1.0","sha":"b544e6a5cd4f241f91bf8db90de5d79b83d17586","kind":"tag","published_at":"2023-01-11T10:13:58.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.1.0/manifests"},{"name":"v18.0.0","sha":"feac593c50d64fe816526386ae5af44b419948e9","kind":"tag","published_at":"2022-08-24T19:43:55.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v18.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v18.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v18.0.0/manifests"},{"name":"v17.1.6","sha":"3fa15611c508fc0711988e8fcef5e40c2580456b","kind":"tag","published_at":"2022-08-02T21:26:16.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.6","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.6/manifests"},{"name":"v17.1.5","sha":"4a6c0db2b92fe0f75438fbc272ac7f8e1e15247d","kind":"tag","published_at":"2022-08-02T11:04:17.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.5","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.5/manifests"},{"name":"v16.5.4","sha":"b5fe3b9596711a42c0141d97a11e4f0fa5fcc7a0","kind":"tag","published_at":"2022-07-27T16:56:04.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.5.4","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.4/manifests"},{"name":"v17.1.4","sha":"41100737d3ee2aa4887beea37f61c8ea2b35c558","kind":"tag","published_at":"2022-07-25T22:10:07.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.4","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.4/manifests"},{"name":"v17.1.3","sha":"41d13a302e12d74431aa53cadedb0808f33b072d","kind":"tag","published_at":"2022-07-21T14:39:35.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.3","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.3/manifests"},{"name":"v17.1.2","sha":"99cb0198bf3e55cfeda0c407607dddbab8875d91","kind":"tag","published_at":"2022-06-01T08:57:37.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.2/manifests"},{"name":"v17.1.1","sha":"d0f31fe7c6a714be9e1234142ec590365fbf5747","kind":"tag","published_at":"2021-12-28T17:29:16.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.1/manifests"},{"name":"v17.1.0","sha":"97679ca0525d998ac208254720b8b57a2857f8e3","kind":"tag","published_at":"2021-12-26T00:31:30.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.1.0/manifests"},{"name":"v17.0.2","sha":"2e71fd853329a1f7c74efcf610c99be2e401af1d","kind":"tag","published_at":"2021-12-16T23:16:08.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.0.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.0.2/manifests"},{"name":"v17.0.1","sha":"ec2c02d587ffa7a09956e0ec2d2412df6da5cb76","kind":"tag","published_at":"2021-12-14T23:44:15.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.0.1/manifests"},{"name":"v17.0.0","sha":"8037f498a533ac76761b3bf47dfb47cc4e58adfd","kind":"tag","published_at":"2021-11-24T17:19:11.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v17.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v17.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v17.0.0/manifests"},{"name":"v16.5.3","sha":"3b08ab1e7404dc00dfb3050d6f34821ae300b59c","kind":"commit","published_at":"2021-08-03T13:51:12.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.5.3","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.3/manifests"},{"name":"v16.5.2","sha":"c011315afadc88e6b326f87bd314877394796f4a","kind":"commit","published_at":"2021-07-20T16:44:58.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.5.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.2/manifests"},{"name":"v16.5.1","sha":"ac866f9b3088e76d0f9f9b23bcbcab5b05c12d94","kind":"tag","published_at":"2021-07-10T12:00:33.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.5.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.1/manifests"},{"name":"v16.5.0","sha":"4ea7bff8ccc7311d35ec5a4df8c1cdef75bc87a0","kind":"tag","published_at":"2021-05-28T05:56:43.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.5.0/manifests"},{"name":"v16.4.0","sha":"1e4e8df5caecc4eb374baca7790fc72c9d287264","kind":"tag","published_at":"2021-05-05T10:51:55.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.4.0/manifests"},{"name":"v16.3.0","sha":"fd1e72c8624018fe67a50edcd1557f153260cdca","kind":"tag","published_at":"2021-03-06T17:13:35.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.3.0/manifests"},{"name":"v16.2.0","sha":"98e68863c21d22bb59e1783ab5177e5e2ce0cfdb","kind":"tag","published_at":"2021-01-13T10:12:39.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.2.0/manifests"},{"name":"v16.1.0","sha":"579f8cbb4cc0aaf48bc6105223417b7a71021a17","kind":"tag","published_at":"2020-12-21T11:03:03.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.1.0/manifests"},{"name":"v16.0.1","sha":"362ac8e15409560af67a6d2c61f1ee63f0bd49e2","kind":"tag","published_at":"2020-11-02T11:10:15.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.0.1/manifests"},{"name":"v16.0.0","sha":"615cedcd3376b46e7b8992ec739664c33f5be8df","kind":"tag","published_at":"2020-10-18T19:02:37.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v16.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v16.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v16.0.0/manifests"},{"name":"v15.0.1","sha":"21d1e04c024f4e3f9f6256210342df0cf7112e7d","kind":"tag","published_at":"2020-09-14T18:52:32.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v15.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v15.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v15.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v15.0.1/manifests"},{"name":"v15.0.0","sha":"b84a685c86d558bd010ebf200b3b0c449b363a06","kind":"tag","published_at":"2020-08-26T00:40:00.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v15.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v15.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v15.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v15.0.0/manifests"},{"name":"v14.7.1","sha":"683b770bf76e8644bf1c9e06923aa6013f354a1c","kind":"tag","published_at":"2020-08-07T15:17:26.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.7.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.7.1/manifests"},{"name":"v14.7.0","sha":"9c4564d85107257764b6dc7fccdf059dba98a45c","kind":"tag","published_at":"2020-08-02T09:57:52.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.7.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.7.0/manifests"},{"name":"v14.6.2","sha":"78d5548796688d3cd6129cdbe24fe9a51aefdd93","kind":"tag","published_at":"2020-06-14T08:50:39.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.6.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.6.2/manifests"},{"name":"v14.6.1","sha":"ca24b32f5c7e7433bb7e3767b2b0dc4be2ba88b1","kind":"tag","published_at":"2020-06-07T13:30:35.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.6.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.6.1/manifests"},{"name":"v14.6.0","sha":"fe51f4a059a1c155cce4faa39bbb47e24793b7c4","kind":"tag","published_at":"2020-06-02T04:33:47.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.6.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.6.0/manifests"},{"name":"v14.5.0","sha":"b977dc441d42223f79c7487e50ac868850a175b5","kind":"tag","published_at":"2020-05-21T05:28:12.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.5.0/manifests"},{"name":"v14.4.0","sha":"8fd0522c8e0647dff40662ecf4fd069144b79819","kind":"tag","published_at":"2020-05-15T18:04:43.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.4.0/manifests"},{"name":"v14.3.0","sha":"abc699a07d9d6e471b7a65da48ef2564f08ae9bd","kind":"tag","published_at":"2020-05-04T16:33:05.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.3.0/manifests"},{"name":"v14.2.0","sha":"9623ab5ec8e296a0e837b952a35ea13852491794","kind":"tag","published_at":"2020-04-23T18:04:13.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.2.0/manifests"},{"name":"v14.1.4","sha":"0edc14686e28a65e186d6f247e5f232da3eea4ca","kind":"tag","published_at":"2020-03-11T05:51:45.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.1.4","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.4/manifests"},{"name":"v14.1.3","sha":"ca610b5e032595b7e6cd3ab4abcefb5b1943e339","kind":"tag","published_at":"2020-02-24T07:28:56.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.1.3","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.3/manifests"},{"name":"v14.1.2","sha":"93ea8437074fec1571c9332ad34dbbae00d795a2","kind":"tag","published_at":"2020-02-12T20:09:44.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.1.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.2/manifests"},{"name":"v14.1.1","sha":"7bf8dff0c0033506c344489b933a9b86b26c56f5","kind":"tag","published_at":"2020-02-05T19:21:27.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.1.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.1/manifests"},{"name":"v14.1.0","sha":"1204af227a750a294de21220fbb7ce49279edb24","kind":"tag","published_at":"2020-02-04T21:52:29.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.1.0/manifests"},{"name":"v14.0.0","sha":"2d90c32702b8d0a3763990c862b217f134cf464f","kind":"tag","published_at":"2020-02-02T08:57:33.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v14.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v14.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v14.0.0/manifests"},{"name":"v13.1.2","sha":"5db080f24644653fcaec2b273c4be5e741cfddd7","kind":"tag","published_at":"2020-01-22T04:39:30.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.1.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.1.2/manifests"},{"name":"v13.1.1","sha":"fd1f32da048135fe6cf9a2df80cf54f1a8173f84","kind":"tag","published_at":"2020-01-19T17:19:01.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.1.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.1.1/manifests"},{"name":"v13.1.0","sha":"07b15a35c075aa722a7b40ad07cdc0d4f92be2b7","kind":"tag","published_at":"2020-01-15T03:24:14.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.1.0/manifests"},{"name":"v13.0.3","sha":"0f7b2e8654ea0473be3995b1608a57ab1b7d937b","kind":"tag","published_at":"2020-01-09T05:16:08.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.0.3","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.3/manifests"},{"name":"v13.0.2","sha":"37293f7cfaed189e8d69119d0c0ba3a6c1b5fb76","kind":"tag","published_at":"2020-01-07T16:43:31.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.0.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.2/manifests"},{"name":"v13.0.1","sha":"e11dbfcb50d49690528e32ac8d30c7ae416ca387","kind":"tag","published_at":"2020-01-07T11:15:38.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.1/manifests"},{"name":"v13.0.0","sha":"9e910d8a95e883271b4ef77feaa225dcc21d9782","kind":"tag","published_at":"2020-01-07T08:46:35.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v13.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v13.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v13.0.0/manifests"},{"name":"v12.4.2","sha":"c58e875f520a9f04d2e594e123c6aeb351e229a5","kind":"tag","published_at":"2019-12-20T00:27:33.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.4.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.4.2/manifests"},{"name":"v12.4.1","sha":"d3f48e6402bd58457e090562ed2b390b4a99d284","kind":"tag","published_at":"2019-12-19T13:06:15.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.4.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.4.1/manifests"},{"name":"v12.4.0","sha":"7d9406e45c83339e58fe240595f0da87f8982332","kind":"tag","published_at":"2019-10-31T18:18:06.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.4.0/manifests"},{"name":"v12.3.1","sha":"1a1c989d3c94e386caf25ab32cfd4f971831f358","kind":"tag","published_at":"2019-10-22T04:03:59.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.3.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.3.1/manifests"},{"name":"v12.3.0","sha":"6ed5344a3b584a9cffdf45d50dc76fd5bb8df085","kind":"tag","published_at":"2019-09-03T15:20:47.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.3.0/manifests"},{"name":"v12.2.0","sha":"5b13605e87bae6c41d22c21e39bfbd330c3d6363","kind":"tag","published_at":"2019-08-18T12:19:23.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.2.0/manifests"},{"name":"v12.1.0","sha":"cf0665b887bcfa2cb7cc11f3bf44a42b2a1431aa","kind":"tag","published_at":"2019-07-26T11:29:48.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.1.0/manifests"},{"name":"v12.0.1","sha":"16b7334cbec7f44937617f59fc8da0b03074b4dc","kind":"tag","published_at":"2019-07-06T06:02:05.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.0.1/manifests"},{"name":"v12.0.0","sha":"4bed3779752d7f9ccf7df483528d29af6a2c576d","kind":"tag","published_at":"2019-06-12T17:54:08.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v12.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v12.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v12.0.0/manifests"},{"name":"v11.1.0","sha":"d7a1b158ae88a50c0f65668a2ac161baa0e06043","kind":"tag","published_at":"2019-05-23T09:28:05.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v11.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v11.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v11.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v11.1.0/manifests"},{"name":"v11.0.0","sha":"4e5b9e519dfe60ed21e5703bdd3f6c28b6facd81","kind":"tag","published_at":"2019-05-04T10:27:52.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v11.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v11.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v11.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v11.0.0/manifests"},{"name":"v10.11.0","sha":"02f666db30e1d3ee3b8c7566f7c8226e82583d63","kind":"tag","published_at":"2019-04-11T16:05:02.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.11.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.11.0/manifests"},{"name":"v10.10.0","sha":"8d05e7c74f15de574758d2887c74dd8a1003a1e1","kind":"tag","published_at":"2019-04-01T09:43:34.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.10.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.10.0/manifests"},{"name":"v10.9.0","sha":"afcd1cbfbdebaad0d4922f827fc9aa2cb179fa48","kind":"tag","published_at":"2019-03-05T15:14:21.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.9.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.9.0/manifests"},{"name":"v10.8.0","sha":"57c4f98c03be7324f22b0edfd353855e2ec8171e","kind":"tag","published_at":"2019-02-18T18:45:04.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.8.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.8.0/manifests"},{"name":"v10.7.1","sha":"6c343215290ed9ae9993ecbc1d1491f5b87a798d","kind":"tag","published_at":"2019-01-22T05:27:30.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.7.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.7.1/manifests"},{"name":"v10.7.0","sha":"86852283d3d615998605ceb341496cdc44cc7539","kind":"tag","published_at":"2018-12-18T18:44:46.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.7.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.7.0/manifests"},{"name":"v10.6.0","sha":"0b5eed26ca8f83f8ea441e6bbb4c845a13434b30","kind":"tag","published_at":"2018-12-03T03:31:39.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.6.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.6.0/manifests"},{"name":"v10.5.0","sha":"6be8559ff7af837c206103672f32ee6c61ef6169","kind":"tag","published_at":"2018-11-19T05:12:20.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.5.0/manifests"},{"name":"v10.4.0","sha":"f4ab1f3821822beb2a4f0eb266a1adacffccb1bc","kind":"tag","published_at":"2018-11-02T08:32:05.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.4.0/manifests"},{"name":"v10.3.0","sha":"7ab526a21cbc160b96a655ac7c1dc83f6c6ce0a6","kind":"tag","published_at":"2018-11-01T06:13:43.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.3.0/manifests"},{"name":"v10.2.0","sha":"8148a36bd21a24a8be4678ab4301a6062b47f6de","kind":"tag","published_at":"2018-10-28T07:22:41.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.2.0/manifests"},{"name":"v10.1.0","sha":"efae4e631ae29c292f8c07baeb7c7ada9e0fc6b3","kind":"tag","published_at":"2018-10-22T12:55:28.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.1.0/manifests"},{"name":"v10.0.0","sha":"7c81da930bd1dc7c42069095cdead0dc536436e1","kind":"tag","published_at":"2018-10-07T17:28:36.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v10.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v10.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v10.0.0/manifests"},{"name":"v9.0.0","sha":"4dea313f83458c86e7a0ff4d85df0e09161a77b9","kind":"tag","published_at":"2018-08-10T07:40:58.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v9.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v9.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v9.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v9.0.0/manifests"},{"name":"v8.1.0","sha":"0333b2a77f4c4d04a927010a1f9a17e53710b093","kind":"tag","published_at":"2018-07-08T07:47:51.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v8.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v8.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v8.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v8.1.0/manifests"},{"name":"v8.0.0","sha":"3ee88a0a3724b4ed7e4835218f7520e48f3f5ac8","kind":"tag","published_at":"2018-05-12T11:18:22.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v8.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v8.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v8.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v8.0.0/manifests"},{"name":"v7.7.1","sha":"ab4060104d606302a1ee5619b12954b553d3a8e5","kind":"tag","published_at":"2018-04-30T06:53:05.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.7.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.7.1/manifests"},{"name":"v7.7.0","sha":"27f35fcaa19212e1ae070af23d0c01b8078cc317","kind":"tag","published_at":"2018-04-29T18:57:31.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.7.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.7.0/manifests"},{"name":"v7.6.0","sha":"49f8ba21ee77d379831546885f558ba91475b62a","kind":"tag","published_at":"2018-02-16T04:20:31.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.6.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.6.0/manifests"},{"name":"v7.5.0","sha":"7c860fda6dc379a774e52fc5de56355712e6078e","kind":"tag","published_at":"2018-01-21T03:03:55.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.5.0/manifests"},{"name":"v7.4.0","sha":"4352a5359f98baa7240f747e17da3e74ac73ba00","kind":"tag","published_at":"2017-12-01T19:12:26.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.4.0/manifests"},{"name":"v7.3.0","sha":"476116504f0b1ed4a14b014587df1e166e2fe4e9","kind":"tag","published_at":"2017-11-22T13:54:22.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.3.0/manifests"},{"name":"v7.2.0","sha":"19facf2312102c118f61d40ab2107743c606b104","kind":"tag","published_at":"2017-10-17T07:08:24.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.2.0/manifests"},{"name":"v7.1.0","sha":"f865424e4a0e5262d302ebd601ba4e7f0c6dfcdf","kind":"tag","published_at":"2017-10-16T03:17:02.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.1.0/manifests"},{"name":"v7.0.1","sha":"e7d0c8b035249976e729b139d9200f4e40bd6414","kind":"tag","published_at":"2017-10-08T20:34:07.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.0.1/manifests"},{"name":"v7.0.0","sha":"492b6285b6db51f529ee84f9a0e9d8dd199c2f4d","kind":"tag","published_at":"2017-10-08T20:21:33.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v7.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v7.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v7.0.0/manifests"},{"name":"v6.2.0","sha":"d6e6fd014e4d5a830874cb5508bfaa2a94adfc64","kind":"tag","published_at":"2017-09-23T10:32:38.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v6.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v6.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v6.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v6.2.0/manifests"},{"name":"v6.1.0","sha":"c163dd0ffe54547305aa7d92d3d84b6ae46bc7f6","kind":"tag","published_at":"2017-08-15T11:46:46.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v6.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v6.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v6.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v6.1.0/manifests"},{"name":"v6.0.0","sha":"c7f86fe97e4f4b6ac0f56068aacc229528587fd2","kind":"tag","published_at":"2017-08-15T09:59:49.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v6.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v6.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v6.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v6.0.0/manifests"},{"name":"v5.2.0","sha":"a08a8b8a6fde66d8cb5f710334c30b73a82b98d2","kind":"tag","published_at":"2017-06-13T18:58:58.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v5.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v5.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.2.0/manifests"},{"name":"v5.1.1","sha":"c3deaacef5160cf1db8dcf3093315c364d06a837","kind":"tag","published_at":"2017-06-09T14:03:50.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v5.1.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v5.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.1.1/manifests"},{"name":"v5.1.0","sha":"f3dd7f301959894bb9ee1511132d28e7ce3f4aab","kind":"tag","published_at":"2017-06-08T22:22:44.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v5.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.1.0/manifests"},{"name":"v5.0.0","sha":"a5b4b21440e59225238b37deeac7cdae5698a0a3","kind":"tag","published_at":"2017-06-06T05:36:17.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v5.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v5.0.0/manifests"},{"name":"v4.4.0","sha":"b5d90406ec3c313a4411badcb1d25e263c0cf5bd","kind":"tag","published_at":"2017-06-06T05:00:46.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v4.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v4.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.4.0/manifests"},{"name":"v4.3.0","sha":"95a95a763cf86e6ade5d9221ecbfd7a0274cae25","kind":"tag","published_at":"2017-05-06T07:46:19.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v4.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v4.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.3.0/manifests"},{"name":"v4.2.0","sha":"98ed3a05562e629cbd6da5a8107a52899ddce8b8","kind":"tag","published_at":"2017-04-16T14:31:39.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v4.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.2.0/manifests"},{"name":"v4.1.0","sha":"2f2b70264c36d5ffc16a52ad95095dfa72f5ef68","kind":"tag","published_at":"2017-01-19T06:45:51.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v4.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.1.0/manifests"},{"name":"v4.0.0","sha":"b2bcc7c05ba593b1f6a4be47cd6f9ccb55ac5e2c","kind":"tag","published_at":"2016-12-13T20:11:11.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v4.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v4.0.0/manifests"},{"name":"v3.9.0","sha":"c72c5c1462e771e08ca8ddd02945586adab9d8c5","kind":"tag","published_at":"2016-10-18T02:35:39.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.9.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.9.0/manifests"},{"name":"v3.8.0","sha":"b7bda4e8949ff153fb5229463b0a9288117ef41e","kind":"tag","published_at":"2016-03-01T11:15:49.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.8.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.8.0/manifests"},{"name":"v3.7.0","sha":"9310bfc110d5668a012e350675ccb361edd63fdb","kind":"tag","published_at":"2016-02-06T14:51:02.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.7.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.7.0/manifests"},{"name":"v3.6.0","sha":"88e5a77f199e70164d9fa226bf878f044e74cba4","kind":"tag","published_at":"2016-01-26T14:41:14.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.6.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.6.0/manifests"},{"name":"v3.5.0","sha":"4d33ad21b908baf65af3070be62efdb1b236e476","kind":"tag","published_at":"2016-01-22T13:13:10.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.5.0/manifests"},{"name":"v3.4.0","sha":"2bcbd763aa26de0430c4cef70cf15f11a6b236c6","kind":"tag","published_at":"2016-01-03T19:02:49.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.4.0/manifests"},{"name":"v3.3.1","sha":"111a30ce6e3ccf980d663b6e793b5fa64d085145","kind":"tag","published_at":"2015-12-09T14:35:31.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.3.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.3.1/manifests"},{"name":"v3.3.0","sha":"1306f13b669147e3da3c92656194d05283c39828","kind":"tag","published_at":"2015-11-08T10:29:30.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.3.0/manifests"},{"name":"v3.2.0","sha":"14a48a3f27550089463920e9b992a72fe7c934ae","kind":"tag","published_at":"2015-11-06T17:25:36.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.2.0/manifests"},{"name":"v3.1.1","sha":"f8759d9f477a98290c4952b964893e7f53b667ca","kind":"tag","published_at":"2015-11-05T10:18:24.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.1.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"e2957252eed84de51d31cd34168416991d8e540f","kind":"tag","published_at":"2015-10-15T15:28:16.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.1.0/manifests"},{"name":"v3.0.0","sha":"3089f9f4bd969945936cd6438a3f87b10eef7519","kind":"tag","published_at":"2015-10-11T15:06:27.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v3.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v3.0.0/manifests"},{"name":"v2.12.0","sha":"be5c47e3b9c8e8658cbe939ea56582e3add9fc56","kind":"tag","published_at":"2015-09-26T07:41:41.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.12.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.12.0/manifests"},{"name":"v2.11.0","sha":"0cb781c6ae6ed2a5a72265d8bbc52a0d2e37fcae","kind":"tag","published_at":"2015-09-18T06:54:09.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.11.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.11.0/manifests"},{"name":"v2.10.2","sha":"3211f10cf1f4cf1a4b5f8877e012a49b7358e173","kind":"tag","published_at":"2015-08-13T09:05:43.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.10.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.10.2/manifests"},{"name":"v2.10.1","sha":"5842ecd4bb9dfc955686b3a618f206b4da14f6e3","kind":"tag","published_at":"2015-08-10T09:24:00.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.10.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.10.1/manifests"},{"name":"v2.10.0","sha":"2933a9b718584d524af72802d4c057a4c6513822","kind":"tag","published_at":"2015-07-25T12:22:02.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.10.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.10.0/manifests"},{"name":"v2.9.0","sha":"0b1a56c50a644c0521820e616e0bbc3297911a80","kind":"tag","published_at":"2015-07-22T00:10:48.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.9.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.9.0/manifests"},{"name":"v2.8.0","sha":"2918e4953c47e460bfeec2407b23d1b6f67aaf2e","kind":"tag","published_at":"2015-07-18T14:16:35.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.8.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.8.0/manifests"},{"name":"2.7.0","sha":"f3b02ecd76be5bb546439318bf1cd5604ef31a29","kind":"tag","published_at":"2015-06-04T12:32:43.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/2.7.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/2.7.0/manifests"},{"name":"2.6.0","sha":"000354a3766e2e83918bff729be4c639c7564421","kind":"tag","published_at":"2015-05-04T23:41:10.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/2.6.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/2.6.0/manifests"},{"name":"v2.5.0","sha":"03ba5b0294346cfd50b5ca68ed56d71087e8b6ed","kind":"tag","published_at":"2015-03-07T15:01:27.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.5.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.5.0/manifests"},{"name":"v2.4.0","sha":"5e30103903bdbf341813760dfb18c2c786caef01","kind":"tag","published_at":"2015-03-03T11:55:31.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.4.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.4.0/manifests"},{"name":"v2.3.0","sha":"b3413ed1d2ee6a18b69289e4bbc7a0511c226acf","kind":"tag","published_at":"2015-03-01T10:03:59.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.3.0/manifests"},{"name":"v2.2.0","sha":"98f2b958b9e78b3541385cc67aff0c2713c95a41","kind":"tag","published_at":"2015-02-04T18:52:32.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.2.0/manifests"},{"name":"v2.1.0","sha":"731edf8cf638ae78b64971c10f894f91e7ba82e1","kind":"tag","published_at":"2015-02-04T07:05:41.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.1.0/manifests"},{"name":"v2.0.4","sha":"fd428c571e5929d685444baad24e660610c3d61e","kind":"commit","published_at":"2015-01-28T19:27:40.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.0.4","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.4/manifests"},{"name":"v2.0.3","sha":"25b0a7eb173b985287b3ff4f25f779a87712be8a","kind":"tag","published_at":"2015-01-28T06:30:13.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.0.3","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.3/manifests"},{"name":"v2.0.2","sha":"64e5699746f85045fcec12ed97ca2499064d0ecc","kind":"tag","published_at":"2015-01-20T12:39:31.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.0.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.2/manifests"},{"name":"v2.0.1","sha":"5d7ffbfd8945b184dbfd7629261d833dd1106321","kind":"tag","published_at":"2014-12-19T03:00:34.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"9d3643b39c26fb022ee186b6fa9cba131b01dbf0","kind":"tag","published_at":"2014-12-19T02:49:15.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v2.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v2.0.0/manifests"},{"name":"v1.2.0","sha":"0dd61e9a65c26d253fa10f3be1b4f09548514a2d","kind":"tag","published_at":"2014-11-13T05:36:49.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v1.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.2.0/manifests"},{"name":"v1.1.0","sha":"ad556a05341413e97156c97b9d06516c958b2e29","kind":"tag","published_at":"2014-10-29T06:48:34.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v1.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.1.0/manifests"},{"name":"v1.0.2","sha":"2c79143b39c857f48a3d1be52fc668c49880676d","kind":"tag","published_at":"2014-08-17T18:44:51.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v1.0.2","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.0.2/manifests"},{"name":"v1.0.1","sha":"65a347cdc92fed97ba8b5e59545245931c8a5f3e","kind":"tag","published_at":"2014-08-14T17:02:28.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v1.0.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"202985f1e101be841668f036f84d0a62f4843c9e","kind":"tag","published_at":"2014-08-14T14:54:16.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v1.0.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v1.0.0/manifests"},{"name":"0.3.0","sha":"3eb22dc23535ac75df4bb7b13c0399a061321f0c","kind":"tag","published_at":"2014-05-08T20:23:14.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/0.3.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/0.3.0/manifests"},{"name":"0.2.0","sha":"f5104c011bd9775680bcaa781ba0e24747d3511a","kind":"tag","published_at":"2014-04-26T00:27:41.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/0.2.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/0.2.0/manifests"},{"name":"0.1.1","sha":"8048ab597a73f9a12d26973d2861378edd4a510e","kind":"tag","published_at":"2014-04-24T11:10:54.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/0.1.1","html_url":"https://github.com/sindresorhus/file-type/releases/tag/0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/0.1.1/manifests"},{"name":"v0.1.0","sha":"9d969b8db62ad8e80129c04ffa10ce435323aadb","kind":"tag","published_at":"2014-04-24T11:06:21.000Z","download_url":"https://codeload.github.com/sindresorhus/file-type/tar.gz/v0.1.0","html_url":"https://github.com/sindresorhus/file-type/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sindresorhus%2Ffile-type/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2024-11-01T17:30:45.906Z","dependent_packages_count":1983,"downloads":111006424,"downloads_period":"last-month","dependent_repos_count":597635,"rankings":{"downloads":0.01946705713950898,"dependent_repos_count":0.04816111604556441,"dependent_packages_count":0.03920791255102231,"stargazers_count":1.538883609144098,"forks_count":1.9260065645873694,"docker_downloads_count":0.03192487851570671,"average":0.6006085229972117},"purl":"pkg:npm/file-type","advisories":[{"uuid":"GSA_kwCzR0hTQS1taHhqLTg1cjMtMng1Nc4AAtkt","url":"https://github.com/advisories/GHSA-mhxj-85r3-2x55","title":"file-type vulnerable to Infinite Loop via malformed MKV file","description":"An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when used on a web server.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-07-22T00:00:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-36313","https://github.com/sindresorhus/file-type/releases/tag/v16.5.4","https://github.com/sindresorhus/file-type/releases/tag/v17.1.3","https://www.npmjs.com/package/file-type","https://github.com/sindresorhus/file-type/commit/2c4d1200c99dffb7d515b9b9951ef43c22bf7e47","https://github.com/sindresorhus/file-type/commit/d86835680f4cccbee1a60628783c36700ec9e254","https://github.com/sindresorhus/file-type/commit/8f981c32e2750d2516457e305e502ee2ad715759#diff-c853b2249e99790d8725774cf63c90c5ab17112067df6e267f3701d7bf591d12","https://github.com/sindresorhus/file-type/compare/v12.4.2...v13.0.0#diff-c853b2249e99790d8725774cf63c90c5ab17112067df6e267f3701d7bf591d12R611-R613","https://security.snyk.io/vuln/SNYK-JS-FILETYPE-2958042","https://security.netapp.com/advisory/ntap-20220909-0005/","https://github.com/advisories/GHSA-mhxj-85r3-2x55"],"source_kind":"github","identifiers":["GHSA-mhxj-85r3-2x55","CVE-2022-36313"],"repository_url":"https://github.com/sindresorhus/file-type","blast_radius":43.32327017737235,"packages":[{"versions":[{"first_patched_version":"16.5.4","vulnerable_version_range":"\u003e= 13.0.0, \u003c 16.5.4"},{"first_patched_version":"17.1.3","vulnerable_version_range":"\u003e= 17.0.0, \u003c 17.1.3"}],"ecosystem":"npm","package_name":"file-type"}],"created_at":"2022-12-21T16:12:09.830Z","updated_at":"2023-01-28T05:02:52.000Z","epss_percentage":0.00092,"epss_percentile":0.41497}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/file-type","docker_dependents_count":3993,"docker_downloads_count":3482038553,"usage_url":"https://repos.ecosyste.ms/usage/npm/file-type","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/file-type/dependencies","status":null,"funding_links":["https://github.com/sindresorhus/file-type?sponsor=1","https://github.com/sponsors/sindresorhus","https://opencollective.com/sindresorhus","https://sindresorhus.com/donate"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/file-type/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/file-type/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/file-type/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/file-type/related_packages","maintainers":[{"uuid":"sindresorhus","login":"sindresorhus","name":null,"email":"sindresorhus@gmail.com","url":null,"packages_count":1280,"html_url":"https://www.npmjs.com/~sindresorhus","role":null,"created_at":"2022-11-10T11:48:19.224Z","updated_at":"2022-11-10T11:48:19.224Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/sindresorhus/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5006539,"maintainers_count":1012933,"namespaces_count":295512,"keywords_count":700181,"github":"npm","metadata":{"funded_packages_count":150239},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-06T05:58:05.971Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":450,"unique_repositories_count_past_30_days":24,"recent_issues":[{"uuid":"4660034994","node_id":"PR_kwDOSCvGas7mSBGX","number":89,"state":"closed","title":"chore(bash): bump the bash-dependencies group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","javascript","pkg:bash"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-15T03:17:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-14T17:46:53.000Z","updated_at":"2026-06-15T03:17:32.000Z","time_to_close":34237,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(bash): bump","group_name":"bash-dependencies","update_count":18,"packages":[{"name":"diff","old_version":"8.0.4","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"fast-xml-parser","old_version":"5.6.0","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"file-type","old_version":"21.3.4","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"ini","old_version":"6.0.0","new_version":"7.0.0","repository_url":"https://github.com/npm/ini"},{"name":"isomorphic-git","old_version":"1.37.5","new_version":"1.38.4","repository_url":"https://github.com/isomorphic-git/isomorphic-git"},{"name":"re2js","old_version":"1.4.0","new_version":"2.8.3","repository_url":"https://github.com/le0pard/re2js"},{"name":"web-tree-sitter","old_version":"0.26.8","new_version":"0.26.9","repository_url":"https://github.com/tree-sitter/tree-sitter"},{"name":"yaml","old_version":"2.8.3","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"zod","old_version":"4.3.6","new_version":"4.4.3","repository_url":"https://github.com/colinhacks/zod"},{"name":"@biomejs/biome","old_version":"2.4.12","new_version":"2.5.0","repository_url":"https://github.com/biomejs/biome"},{"name":"@types/node","old_version":"20.19.39","new_version":"25.9.3","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@vitest/coverage-v8","old_version":"4.1.4","new_version":"4.1.8","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"esbuild","old_version":"0.27.7","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"fast-check","old_version":"3.23.2","new_version":"4.8.0","repository_url":"https://github.com/dubzzz/fast-check"},{"name":"knip","old_version":"5.88.1","new_version":"6.16.1","repository_url":"https://github.com/webpro-nl/knip"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"},{"name":"vitest","old_version":"4.1.4","new_version":"4.1.8","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"node-liblzma","old_version":"2.2.0","new_version":"5.0.1","repository_url":"https://github.com/oorabona/node-liblzma"}],"path":null,"ecosystem":"npm"},"body":"Bumps the bash-dependencies group with 18 updates in the /packages/bash directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [diff](https://github.com/kpdecker/jsdiff) | `8.0.4` | `9.0.0` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.6.0` | `5.8.0` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.4` | `22.0.1` |\n| [ini](https://github.com/npm/ini) | `6.0.0` | `7.0.0` |\n| [isomorphic-git](https://github.com/isomorphic-git/isomorphic-git) | `1.37.5` | `1.38.4` |\n| [re2js](https://github.com/le0pard/re2js) | `1.4.0` | `2.8.3` |\n| [web-tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web) | `0.26.8` | `0.26.9` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` |\n| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |\n| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.12` | `2.5.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.39` | `25.9.3` |\n| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.4` | `4.1.8` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.27.7` | `0.28.1` |\n| [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) | `3.23.2` | `4.8.0` |\n| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `5.88.1` | `6.16.1` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.8` |\n| [node-liblzma](https://github.com/oorabona/node-liblzma) | `2.2.0` | `5.0.1` |\n\n\nUpdates `diff` from 8.0.4 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/8.0.4...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 5.6.0 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eupdate strnum, FXB. Use xml-naming for DOCTYPE\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is by deault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e*\u003cem\u003e5.9.0\u003c/em\u003e (not released yet)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eyou can set hex, binary, enotation, infinity, unicode\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003evalidate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library.\nUser can override rules by overriding EntityDecoder.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e*\u003cem\u003e5.8.0 / 2026-05-12\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is bydeault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/4bcee44a034ec99706b68b16e31f4072505b13e9\"\u003e\u003ccode\u003e4bcee44\u003c/code\u003e\u003c/a\u003e for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8a287bf2524f0a3a4c32be7edaedced3a9839ab8\"\u003e\u003ccode\u003e8a287bf\u003c/code\u003e\u003c/a\u003e release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/50b01dcacb8fe21f986a9e7b55800bd96401fe58\"\u003e\u003ccode\u003e50b01dc\u003c/code\u003e\u003c/a\u003e Use \u0026quot;\u003ccode\u003e@​byspec/xml\u003c/code\u003e\u0026quot; for testing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/816b652c83249edc1569c523f7bc3e13b3ef929c\"\u003e\u003ccode\u003e816b652\u003c/code\u003e\u003c/a\u003e update typings to mark validator use deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8ad0e650bcdb05001b533f27bc01f2e873d87cc5\"\u003e\u003ccode\u003e8ad0e65\u003c/code\u003e\u003c/a\u003e update fast-xml-builder and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/58e967ed7f8208e4896b607cf5a057a5659f97c6\"\u003e\u003ccode\u003e58e967e\u003c/code\u003e\u003c/a\u003e integrate xml-naming\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fa3c3af8e0d59e9fe213785a1b204b39338d2b\"\u003e\u003ccode\u003e42fa3c3\u003c/code\u003e\u003c/a\u003e separate XML validator, UPDATE DOCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.6.0...v5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.4 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ini` from 6.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/ini/releases\"\u003eini's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/ini/compare/v6.0.0...v7.0.0\"\u003e7.0.0\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003e⚠️ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eini\u003c/code\u003e now supports node \u003ccode\u003e^22.22.2 || ^24.15.0 || \u0026gt;=26.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003etemplate-oss-apply\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/55b6841261aad580ce979c1ada97885a0617b965\"\u003e\u003ccode\u003e55b6841\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e bump to new node engine range (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/2b11ba8283afa33211844be6fa29794970ccf7b7\"\u003e\u003ccode\u003e2b11ba8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/f6ed5bee3d7b1c175b687c703213217b23df9199\"\u003e\u003ccode\u003ef6ed5be\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/a2c835ec4690c5e67651a403d0f952aaff018f42\"\u003e\u003ccode\u003ea2c835e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/293\"\u003e#293\u003c/a\u003e bump \u003ccode\u003e@​npmcli/eslint-config\u003c/code\u003e from 5.1.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/293\"\u003e#293\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/3661dce193f03675ec6ddc0938e2483d0ab41f38\"\u003e\u003ccode\u003e3661dce\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/296\"\u003e#296\u003c/a\u003e bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.28.0 to 4.28.1 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/296\"\u003e#296\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/npm-cli-bot\"\u003e\u003ccode\u003e@​npm-cli-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/ini/blob/main/CHANGELOG.md\"\u003eini's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/ini/compare/v6.0.0...v7.0.0\"\u003e7.0.0\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003e⚠️ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eini\u003c/code\u003e now supports node \u003ccode\u003e^22.22.2 || ^24.15.0 || \u0026gt;=26.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003etemplate-oss-apply\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/55b6841261aad580ce979c1ada97885a0617b965\"\u003e\u003ccode\u003e55b6841\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e bump to new node engine range (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/2b11ba8283afa33211844be6fa29794970ccf7b7\"\u003e\u003ccode\u003e2b11ba8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/f6ed5bee3d7b1c175b687c703213217b23df9199\"\u003e\u003ccode\u003ef6ed5be\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/a2c835ec4690c5e67651a403d0f952aaff018f42\"\u003e\u003ccode\u003ea2c835e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/293\"\u003e#293\u003c/a\u003e bump \u003ccode\u003e@​npmcli/eslint-config\u003c/code\u003e from 5.1.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/293\"\u003e#293\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/3661dce193f03675ec6ddc0938e2483d0ab41f38\"\u003e\u003ccode\u003e3661dce\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/296\"\u003e#296\u003c/a\u003e bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.28.0 to 4.28.1 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/296\"\u003e#296\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/npm-cli-bot\"\u003e\u003ccode\u003e@​npm-cli-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/847941ced4fb8465f0ccb383fd8b15c7e5aa09fc\"\u003e\u003ccode\u003e847941c\u003c/code\u003e\u003c/a\u003e chore: release 7.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/f6ed5bee3d7b1c175b687c703213217b23df9199\"\u003e\u003ccode\u003ef6ed5be\u003c/code\u003e\u003c/a\u003e chore: template-oss-apply\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/55b6841261aad580ce979c1ada97885a0617b965\"\u003e\u003ccode\u003e55b6841\u003c/code\u003e\u003c/a\u003e feat!: bump to new node engine range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/2b11ba8283afa33211844be6fa29794970ccf7b7\"\u003e\u003ccode\u003e2b11ba8\u003c/code\u003e\u003c/a\u003e feat!: template-oss-apply\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/e8d16cbbbb91d503fe14163024bd2a01a0446d32\"\u003e\u003ccode\u003ee8d16cb\u003c/code\u003e\u003c/a\u003e deps \u0026amp; engine update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/3661dce193f03675ec6ddc0938e2483d0ab41f38\"\u003e\u003ccode\u003e3661dce\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.28.0 to 4.28.1 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/5d67f4b487a00aa3e2119776192030356e0161ba\"\u003e\u003ccode\u003e5d67f4b\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.27.1 to 4.28.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/a2c835ec4690c5e67651a403d0f952aaff018f42\"\u003e\u003ccode\u003ea2c835e\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/eslint-config\u003c/code\u003e from 5.1.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/npm/ini/compare/v6.0.0...v7.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `isomorphic-git` from 1.37.5 to 1.38.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/releases\"\u003eisomorphic-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.3...v1.38.4\"\u003e1.38.4\u003c/a\u003e (2026-06-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epass credential config username to auth callbacks (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2346\"\u003e#2346\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/d9920c57b254fc7de846c9b939cb5eb31242f1a2\"\u003ed9920c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.2...v1.38.3\"\u003e1.38.3\u003c/a\u003e (2026-05-26)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove internal error reporting guidance (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2345\"\u003e#2345\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/955acf37adb69e50b98e92addb468f241cfb62e7\"\u003e955acf3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.1...v1.38.2\"\u003e1.38.2\u003c/a\u003e (2026-05-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd bot authoring to release commit (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/328b1baba0e24c91143c6a26cf947c3e34d3752b\"\u003e328b1ba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Clever Cloud logo to Acknowledgments in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2334\"\u003e#2334\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/89f441dce81190037c919e5885db192b88b3072a\"\u003e89f441d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.0...v1.38.1\"\u003e1.38.1\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cloudflare logo (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2316\"\u003e#2316\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a71a835fc12eb5d42bb22f2c3afaa35ed03aaf74\"\u003ea71a835\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.37.9...v1.38.0\"\u003e1.38.0\u003c/a\u003e (2026-05-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix images in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2315\"\u003e#2315\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/007951fe698f6176a2730da82e342e82d86310c7\"\u003e007951f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd refresh option to status and statusMatrix (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2313\"\u003e#2313\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a7420b7d2c66cc15238db41a711ce8c8cd3b1b9e\"\u003ea7420b7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.37.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.37.8...v1.37.9\"\u003e1.37.9\u003c/a\u003e (2026-05-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/d9920c57b254fc7de846c9b939cb5eb31242f1a2\"\u003e\u003ccode\u003ed9920c5\u003c/code\u003e\u003c/a\u003e fix: pass credential config username to auth callbacks (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2346\"\u003e#2346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/955acf37adb69e50b98e92addb468f241cfb62e7\"\u003e\u003ccode\u003e955acf3\u003c/code\u003e\u003c/a\u003e fix: Improve internal error reporting guidance (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2345\"\u003e#2345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/89f441dce81190037c919e5885db192b88b3072a\"\u003e\u003ccode\u003e89f441d\u003c/code\u003e\u003c/a\u003e fix: add Clever Cloud logo to Acknowledgments in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2334\"\u003e#2334\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/328b1baba0e24c91143c6a26cf947c3e34d3752b\"\u003e\u003ccode\u003e328b1ba\u003c/code\u003e\u003c/a\u003e fix: add bot authoring to release commit (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2329\"\u003e#2329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a71a835fc12eb5d42bb22f2c3afaa35ed03aaf74\"\u003e\u003ccode\u003ea71a835\u003c/code\u003e\u003c/a\u003e fix: add cloudflare logo (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2316\"\u003e#2316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a7420b7d2c66cc15238db41a711ce8c8cd3b1b9e\"\u003e\u003ccode\u003ea7420b7\u003c/code\u003e\u003c/a\u003e feat: add refresh option to status and statusMatrix (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2313\"\u003e#2313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/007951fe698f6176a2730da82e342e82d86310c7\"\u003e\u003ccode\u003e007951f\u003c/code\u003e\u003c/a\u003e fix: Fix images in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2315\"\u003e#2315\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/6e99054362a6ace80bbd3e78fe7eae10fbe86dcc\"\u003e\u003ccode\u003e6e99054\u003c/code\u003e\u003c/a\u003e fix: point \u0026quot;jsdelivr\u0026quot; field to minified browser build (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2312\"\u003e#2312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/6972b1ee4186199427be9230e6c49d99e8967433\"\u003e\u003ccode\u003e6972b1e\u003c/code\u003e\u003c/a\u003e fix: remove duplicated contriobutors (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/199714a91c8fc3546d4abcb0591310acabcf08af\"\u003e\u003ccode\u003e199714a\u003c/code\u003e\u003c/a\u003e fix: browser entrypoint not being used in some non-node build contexts (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2309\"\u003e#2309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.37.5...v1.38.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `re2js` from 1.4.0 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/le0pard/re2js/releases\"\u003ere2js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport customization of memory limit for RE2Set by \u003ca href=\"https://github.com/le0pard\"\u003e\u003ccode\u003e@​le0pard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/le0pard/re2js/pull/44\"\u003ele0pard/re2js#44\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.8.2...2.8.3\"\u003ehttps://github.com/le0pard/re2js/compare/2.8.2...2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport more unicode categories, like \u003ccode\u003e\\p{Emoji}\u003c/code\u003e, \u003ccode\u003e\\p{Emoji_Component}\u003c/code\u003e, \u003ccode\u003e\\p{Emoji_Modifier}\u003c/code\u003e, \u003ccode\u003e\\p{ASCII_Hex_Digit}\u003c/code\u003e, etc\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.8.1...2.8.2\"\u003ehttps://github.com/le0pard/re2js/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to rolldown\u003c/li\u003e\n\u003cli\u003eFix typescript types for more methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.8.0...2.8.1\"\u003ehttps://github.com/le0pard/re2js/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ereplaceAll()\u003c/code\u003e and \u003ccode\u003ereplaceFirst()\u003c/code\u003e now support \u003ccode\u003ereplacement\u003c/code\u003e as function (additional to string type). \u003ca href=\"https://github.com/le0pard/re2js#using-a-replacer-function\"\u003eMore info\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.7.1...2.8.0\"\u003ehttps://github.com/le0pard/re2js/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize per-byte spawning loop for \u003ccode\u003eLOOKBEHINDS\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.7.0...2.7.1\"\u003ehttps://github.com/le0pard/re2js/compare/2.7.0...2.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eInst.arg\u003c/code\u003e memory optimization\u003c/li\u003e\n\u003cli\u003eAST SyntaxError validation for \u003ccode\u003eLOOKBEHINDS\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.6.1...2.7.0\"\u003ehttps://github.com/le0pard/re2js/compare/2.6.1...2.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix desync bug in \u003ccode\u003ematchAll\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.6.0...2.6.1\"\u003ehttps://github.com/le0pard/re2js/compare/2.6.0...2.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ematchAll\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eMigrate to vitest by \u003ca href=\"https://github.com/le0pard\"\u003e\u003ccode\u003e@​le0pard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/le0pard/re2js/pull/42\"\u003ele0pard/re2js#42\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/le0pard/re2js/commits/2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `web-tree-sitter` from 0.26.8 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter/releases\"\u003eweb-tree-sitter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.26.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(actions): bump actions/cache to v5 by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5482\"\u003etree-sitter/tree-sitter#5482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump wasmtime-c-api to v36.0.7 by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5514\"\u003etree-sitter/tree-sitter#5514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(loader): allow filenames with dots by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5538\"\u003etree-sitter/tree-sitter#5538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(rust): fix new clippy lints by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5539\"\u003etree-sitter/tree-sitter#5539\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: bump c test fixture to v0.24.2 by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5542\"\u003etree-sitter/tree-sitter#5542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(generate): pass default optimization level in \u003ccode\u003egenerate_parser_for_grammar\u003c/code\u003e by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5543\"\u003etree-sitter/tree-sitter#5543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(dist): enable install via \u003ccode\u003ecargo binstall\u003c/code\u003e (\u003ca href=\"https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web/issues/5533\"\u003e#5533\u003c/a\u003e) by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5544\"\u003etree-sitter/tree-sitter#5544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent a buffer over-read when parsing 4-byte UTF-16 characters. by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5549\"\u003etree-sitter/tree-sitter#5549\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(query): overflow in capture pool ids + some perf by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5555\"\u003etree-sitter/tree-sitter#5555\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: note zero point unbounded behavior in query functions by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5563\"\u003etree-sitter/tree-sitter#5563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump wasmtime-c-api to v36.0.8 by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5574\"\u003etree-sitter/tree-sitter#5574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cli): account for process versions \u0026gt; 5 in the parse command's pretty debug output. by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5577\"\u003etree-sitter/tree-sitter#5577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(generate): improve error message for nonterminals used in immediate token rule by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5583\"\u003etree-sitter/tree-sitter#5583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(generate): rewrite \u003ccode\u003eparse_grammar\u003c/code\u003e with forward DFS by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5584\"\u003etree-sitter/tree-sitter#5584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(wasm): load supertype tables for ABI 15 grammars by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5606\"\u003etree-sitter/tree-sitter#5606\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump wasmtime-c-api to v36.0.9 by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5611\"\u003etree-sitter/tree-sitter#5611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Wasm language memory reads by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5613\"\u003etree-sitter/tree-sitter#5613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease v0.26.9 by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5612\"\u003etree-sitter/tree-sitter#5612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tree-sitter/tree-sitter/compare/v0.26.8...v0.26.9\"\u003ehttps://github.com/tree-sitter/tree-sitter/compare/v0.26.8...v0.26.9\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter/commit/7f534862c3ec939c3a6ee147f7600ef5c1bf900f\"\u003e\u003ccode\u003e7f53486\u003c/code\u003e\u003c/a\u003e release v0.26.9\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tree-sitter/tree-sitter/commits/v0.26.9/lib/binding_web\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.3 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.3...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zod` from 4.3.6 to 4.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/colinhacks/zod/releases\"\u003ezod's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003e2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003eb8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5941\"\u003e#5941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3\u003c/li\u003e\n\u003cli\u003e1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5901\"\u003e#5901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps\u003c/li\u003e\n\u003cli\u003e6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5791\"\u003e#5791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing\u003c/li\u003e\n\u003cli\u003ebbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents\u003c/li\u003e\n\u003cli\u003ecf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint\u003c/li\u003e\n\u003cli\u003e292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor\u003c/li\u003e\n\u003cli\u003e1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion\u003c/li\u003e\n\u003cli\u003e1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance\u003c/li\u003e\n\u003cli\u003ee20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes\u003c/li\u003e\n\u003cli\u003ee58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights\u003c/li\u003e\n\u003cli\u003e905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing\u003c/li\u003e\n\u003cli\u003ebf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md\u003c/li\u003e\n\u003cli\u003e8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch\u003c/li\u003e\n\u003cli\u003e02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5929\"\u003e#5929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated \u003ccode\u003ebaseUrl\u003c/code\u003e from tsconfig\u003c/li\u003e\n\u003cli\u003ec59d4474e3b4cad1b323462186cf607178ce8267 4.4.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow\u003c/li\u003e\n\u003cli\u003e95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations\u003c/li\u003e\n\u003cli\u003ecede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eedd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1\u003c/li\u003e\n\u003cli\u003e180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003e4.4.0\u003c/h2\u003e\n\u003cp\u003eThis is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.\u003c/p\u003e\n\u003ch2\u003ePotentially breaking bug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca\"\u003e\u003ccode\u003e1fb56a5\u003c/code\u003e\u003c/a\u003e docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559\"\u003e\u003ccode\u003ef3c9ec0\u003c/code\u003e\u003c/a\u003e 4.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8\"\u003e\u003ccode\u003ec2be4f8\u003c/code\u003e\u003c/a\u003e fix(v4): generalize optin/fallback to transform; restore preprocess on absent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168\"\u003e\u003ccode\u003e1cab693\u003c/code\u003e\u003c/a\u003e fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4\"\u003e\u003ccode\u003eb8dffe9\u003c/code\u003e\u003c/a\u003e docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170\"\u003e\u003ccode\u003e9195250\u003c/code\u003e\u003c/a\u003e docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f\"\u003e\u003ccode\u003e2c70332\u003c/code\u003e\u003c/a\u003e docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0\"\u003e\u003ccode\u003e7391be8\u003c/code\u003e\u003c/a\u003e docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2\"\u003e\u003ccode\u003e2aeec83\u003c/code\u003e\u003c/a\u003e docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9\"\u003e\u003ccode\u003e4c2fa95\u003c/code\u003e\u003c/a\u003e docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/colinhacks/zod/compare/v4.3.6...v4.4.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for zod since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@biomejs/biome` from 2.4.12 to 2.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/releases\"\u003e@​biomejs/biome's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBiome CLI v2.5.0\u003c/h2\u003e\n\u003ch2\u003e2.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9539\"\u003e#9539\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/f0615fdae80fa7257fc1d0448d2027cb1acff46e\"\u003e\u003ccode\u003ef0615fd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added a new reporter called \u003ccode\u003econcise\u003c/code\u003e. When \u003ccode\u003e--reporter=concise\u003c/code\u003e is passed the commands \u003ccode\u003eformat\u003c/code\u003e, \u003ccode\u003elint\u003c/code\u003e, \u003ccode\u003echeck\u003c/code\u003e and \u003ccode\u003eci\u003c/code\u003e, the diagnostics are printed in a compact manner:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.\n! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.\n× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.\n× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9495\"\u003e#9495\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/2056b23812a17f9c9a9015e5b725faecb04647b5\"\u003e\u003ccode\u003e2056b23\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/aviraldua93\"\u003e\u003ccode\u003e@​aviraldua93\u003c/code\u003e\u003c/a\u003e! - Added the \u003ca href=\"https://biomejs.dev/linter/rules/use-key-with-click-events/\"\u003e\u003ccode\u003euseKeyWithClickEvents\u003c/code\u003e\u003c/a\u003e a11y lint rule for HTML files (\u003ccode\u003e.html\u003c/code\u003e, \u003ccode\u003e.vue\u003c/code\u003e, \u003ccode\u003e.svelte\u003c/code\u003e, \u003ccode\u003e.astro\u003c/code\u003e). This is a port of the existing JSX rule. The rule enforces that elements with an \u003ccode\u003eonclick\u003c/code\u003e handler also have at least one keyboard event handler (\u003ccode\u003eonkeydown\u003c/code\u003e, \u003ccode\u003eonkeyup\u003c/code\u003e, or \u003ccode\u003eonkeypress\u003c/code\u003e) to ensure keyboard accessibility.\u003c/p\u003e\n\u003cp\u003eInherently keyboard-accessible elements (\u003ccode\u003e\u0026lt;a\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;button\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;input\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;select\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;textarea\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;option\u0026gt;\u003c/code\u003e) are excluded, as are elements hidden from assistive technologies (\u003ccode\u003earia-hidden\u003c/code\u003e) or with \u003ccode\u003erole=\u0026quot;presentation\u0026quot;\u003c/code\u003e / \u003ccode\u003erole=\u0026quot;none\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Invalid: no keyboard handler --\u0026gt;\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\n\u003cp\u003e\u0026lt;!-- Valid: has keyboard handler --\u0026gt;\u003cbr /\u003e\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot; onkeydown=\u0026quot;handleKeyDown()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Valid: inherently keyboard-accessible --\u0026gt;\u003cbr /\u003e\n\u0026lt;button onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Submit\u0026lt;/button\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-undeclared-classes/\"\u003e\u003ccode\u003enoUndeclaredClasses\u003c/code\u003e\u003c/a\u003e for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in \u003ccode\u003eclass=\u0026quot;...\u0026quot;\u003c/code\u003e (or \u003ccode\u003eclassName\u003c/code\u003e) attributes that are not defined in any \u003ccode\u003e\u0026lt;style\u0026gt;\u003c/code\u003e block or linked stylesheet reachable from the file.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- .typo is used but never defined --\u0026gt;\n\u0026lt;html\u0026gt;\n  \u0026lt;head\u0026gt;\n    \u0026lt;style\u0026gt;\n      .button {\n        color: blue;\n      }\n    \u0026lt;/style\u0026gt;\n  \u0026lt;/head\u0026gt;\n  \u0026lt;body\u0026gt;\n    \u0026lt;div class=\u0026quot;button typo\u0026quot;\u0026gt;\u0026lt;/div\u0026gt;\n  \u0026lt;/body\u0026gt;\n\u0026lt;/html\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-unused-classes/\"\u003e\u003ccode\u003enoUnusedClasses\u003c/code\u003e\u003c/a\u003e for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md\"\u003e@​biomejs/biome's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9539\"\u003e#9539\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/f0615fdae80fa7257fc1d0448d2027cb1acff46e\"\u003e\u003ccode\u003ef0615fd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added a new reporter called \u003ccode\u003econcise\u003c/code\u003e. When \u003ccode\u003e--reporter=concise\u003c/code\u003e is passed the commands \u003ccode\u003eformat\u003c/code\u003e, \u003ccode\u003elint\u003c/code\u003e, \u003ccode\u003echeck\u003c/code\u003e and \u003ccode\u003eci\u003c/code\u003e, the diagnostics are printed in a compact manner:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.\n! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.\n× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.\n× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9495\"\u003e#9495\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/2056b23812a17f9c9a9015e5b725faecb04647b5\"\u003e\u003ccode\u003e2056b23\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/aviraldua93\"\u003e\u003ccode\u003e@​aviraldua93\u003c/code\u003e\u003c/a\u003e! - Added the \u003ca href=\"https://biomejs.dev/linter/rules/use-key-with-click-events/\"\u003e\u003ccode\u003euseKeyWithClickEvents\u003c/code\u003e\u003c/a\u003e a11y lint rule for HTML files (\u003ccode\u003e.html\u003c/code\u003e, \u003ccode\u003e.vue\u003c/code\u003e, \u003ccode\u003e.svelte\u003c/code\u003e, \u003ccode\u003e.astro\u003c/code\u003e). This is a port of the existing JSX rule. The rule enforces that elements with an \u003ccode\u003eonclick\u003c/code\u003e handler also have at least one keyboard event handler (\u003ccode\u003eonkeydown\u003c/code\u003e, \u003ccode\u003eonkeyup\u003c/code\u003e, or \u003ccode\u003eonkeypress\u003c/code\u003e) to ensure keyboard accessibility.\u003c/p\u003e\n\u003cp\u003eInherently keyboard-accessible elements (\u003ccode\u003e\u0026lt;a\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;button\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;input\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;select\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;textarea\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;option\u0026gt;\u003c/code\u003e) are excluded, as are elements hidden from assistive technologies (\u003ccode\u003earia-hidden\u003c/code\u003e) or with \u003ccode\u003erole=\u0026quot;presentation\u0026quot;\u003c/code\u003e / \u003ccode\u003erole=\u0026quot;none\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Invalid: no keyboard handler --\u0026gt;\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\n\u003cp\u003e\u0026lt;!-- Valid: has keyboard handler --\u0026gt;\u003cbr /\u003e\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot; onkeydown=\u0026quot;handleKeyDown()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Valid: inherently keyboard-accessible --\u0026gt;\u003cbr /\u003e\n\u0026lt;button onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Submit\u0026lt;/button\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-undeclared-classes/\"\u003e\u003ccode\u003enoUndeclaredClasses\u003c/code\u003e\u003c/a\u003e for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in \u003ccode\u003eclass=\u0026quot;...\u0026quot;\u003c/code\u003e (or \u003ccode\u003eclassName\u003c/code\u003e) attributes that are not defined in any \u003ccode\u003e\u0026lt;style\u0026gt;\u003c/code\u003e block or linked stylesheet reachable from the file.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- .typo is used but never defined --\u0026gt;\n\u0026lt;html\u0026gt;\n  \u0026lt;head\u0026gt;\n    \u0026lt;style\u0026gt;\n      .button {\n        color: blue;\n      }\n    \u0026lt;/style\u0026gt;\n  \u0026lt;/head\u0026gt;\n  \u0026lt;body\u0026gt;\n    \u0026lt;div class=\u0026quot;button typo\u0026quot;\u0026gt;\u0026lt;/div\u0026gt;\n  \u0026lt;/body\u0026gt;\n\u0026lt;/html\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-unused-classes/\"\u003e\u003ccode\u003enoUnusedClasses\u003c/code\u003e\u003c/a\u003e for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* styles.css — .ghost is never used in any importing file */\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/c0b98327a3b14e44d8fbd9a11481bf56c505b8ed\"\u003e\u003ccode\u003ec0b9832\u003c/code\u003e\u003c/a\u003e ci: release (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10499\"\u003e#10499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/995c1ffeca039787c93370fed8b970a057e9c073\"\u003e\u003ccode\u003e995c1ff\u003c/code\u003e\u003c/a\u003e feat(lint): add useFunctionComponentDefinition rule (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10498\"\u003e#10498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/311c2b28d2617a66e710ca3391f42ce62c4abfe1\"\u003e\u003ccode\u003e311c2b2\u003c/code\u003e\u003c/a\u003e fix(biome_configuration): avoid Markdown links in JSON schema descriptions (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/04c3f19b9c28f39d27412006fdf916a352ab8def\"\u003e\u003ccode\u003e04c3f19\u003c/code\u003e\u003c/a\u003e fix: docs and readme (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10584\"\u003e#10584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/961f41c9646166ce017014b0c5bc2492d13a0919\"\u003e\u003ccode\u003e961f41c\u003c/code\u003e\u003c/a\u003e refactor(useExportType): improve docs and code (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10569\"\u003e#10569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/78075b7c7cb7490c730a96f4ee9776c9e77826e7\"\u003e\u003ccode\u003e78075b7\u003c/code\u003e\u003c/a\u003e feat(useExportType): add style option (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10561\"\u003e#10561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/66428957e6ca393a802f365b8e643438f19a3039\"\u003e\u003ccode\u003e6642895\u003c/code\u003e\u003c/a\u003e feat: rule promotion for v2.5 (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10562\"\u003e#10562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/9a5855e4191c98149f8278289569b2272b992684\"\u003e\u003ccode\u003e9a5855e\u003c/code\u003e\u003c/a\u003e feat: noRestrictedDependencies (\u003ca href=\"https://githu...\n\n_Description has been truncated_","html_url":"https://github.com/sairam0424/ag-bash/pull/89","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sairam0424%2Fag-bash/issues/89","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/89/packages"},{"uuid":"4614935741","node_id":"PR_kwDORPe1087kAhiM","number":11,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T00:27:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-08T17:04:06.000Z","updated_at":"2026-06-09T00:27:59.000Z","time_to_close":26631,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"ws","old_version":"8.19.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"vitest","old_version":"4.0.18","new_version":"4.1.0","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"dompurify","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"music-metadata","old_version":"11.12.1","new_version":"11.12.3","repository_url":"https://github.com/Borewit/music-metadata"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [music-metadata](https://github.com/Borewit/music-metadata) | `11.12.1` | `11.12.3` |\n\nBumps the npm_and_yarn group with 3 updates in the /ui directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest), [dompurify](https://github.com/cure53/DOMPurify) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.19.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.19.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 4.0.18 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eVitest 4.1 is out!\u003c/p\u003e\n\u003cp\u003eThis release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our \u003ca href=\"https://vitest.dev/blog/vitest-4-1\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn a disposable from doMock()  -  by \u003ca href=\"https://github.com/kirkwaiblinger\"\u003e\u003ccode\u003e@​kirkwaiblinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9332\"\u003evitest-dev/vitest#9332\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e3e659a96\"\u003e\u003c!-- raw HTML omitted --\u003e(e3e65)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded chai style assertions  -  by \u003ca href=\"https://github.com/ronnakamoto\"\u003e\u003ccode\u003e@​ronnakamoto\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8842\"\u003evitest-dev/vitest#8842\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/841df9ac5\"\u003e\u003c!-- raw HTML omitted --\u003e(841df)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to sinon/fake-timers v15 and add \u003ccode\u003esetTickMode\u003c/code\u003e to timer controls  -  by \u003ca href=\"https://github.com/atscott\"\u003e\u003ccode\u003e@​atscott\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8726\"\u003evitest-dev/vitest#8726\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4b480aaed\"\u003e\u003c!-- raw HTML omitted --\u003e(4b480)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose matcher types  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9448\"\u003evitest-dev/vitest#9448\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e4b913b1\"\u003e\u003c!-- raw HTML omitted --\u003e(3e4b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etoTestSpecification\u003c/code\u003e to reported tasks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9464\"\u003evitest-dev/vitest#9464\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1a4705da9\"\u003e\u003c!-- raw HTML omitted --\u003e(1a470)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow a warning if \u003ccode\u003evi.mock\u003c/code\u003e or \u003ccode\u003evi.hoisted\u003c/code\u003e are declared outside of top level of the module  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9387\"\u003evitest-dev/vitest#9387\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5db54a468\"\u003e\u003c!-- raw HTML omitted --\u003e(5db54)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTrack and display expectedly failed tests (.fails) in UI and CLI  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9476\"\u003evitest-dev/vitest#9476\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/77d75fd34\"\u003e\u003c!-- raw HTML omitted --\u003e(77d75)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport tags  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9478\"\u003evitest-dev/vitest#9478\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/de7c8a521\"\u003e\u003c!-- raw HTML omitted --\u003e(de7c8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earoundEach\u003c/code\u003e and \u003ccode\u003earoundAll\u003c/code\u003e hooks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9450\"\u003evitest-dev/vitest#9450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2a8cb9dc2\"\u003e\u003c!-- raw HTML omitted --\u003e(2a8cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStabilize experimental features  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9529\"\u003evitest-dev/vitest#9529\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b5fd2a16a\"\u003e\u003c!-- raw HTML omitted --\u003e(b5fd2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003enew\u003c/code\u003e or \u003ccode\u003eall\u003c/code\u003e in \u003ccode\u003e--update\u003c/code\u003e flag  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9543\"\u003evitest-dev/vitest#9543\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a5acf28a5\"\u003e\u003c!-- raw HTML omitted --\u003e(a5acf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003emeta\u003c/code\u003e in test options  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9535\"\u003evitest-dev/vitest#9535\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7d622e3d1\"\u003e\u003c!-- raw HTML omitted --\u003e(7d622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport type inference with a new \u003ccode\u003etest.extend\u003c/code\u003e syntax  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9550\"\u003evitest-dev/vitest#9550\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e53854fcc\"\u003e\u003c!-- raw HTML omitted --\u003e(e5385)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport vite 8 beta, fix type issues in the config with different vite versions  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9587\"\u003evitest-dev/vitest#9587\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/990281dfd\"\u003e\u003c!-- raw HTML omitted --\u003e(99028)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assertion helper to hide internal stack traces  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9594\"\u003evitest-dev/vitest#9594\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/eeb0ae2f8\"\u003e\u003c!-- raw HTML omitted --\u003e(eeb0a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStore failure screenshots using artifacts API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9588\"\u003evitest-dev/vitest#9588\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/24603e3c4\"\u003e\u003c!-- raw HTML omitted --\u003e(24603)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003evitest list\u003c/code\u003e to statically collect tests instead of running files to collect them  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9630\"\u003evitest-dev/vitest#9630\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7a8e7fc20\"\u003e\u003c!-- raw HTML omitted --\u003e(7a8e7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--detect-async-leaks\u003c/code\u003e  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9528\"\u003evitest-dev/vitest#9528\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c594d4af3\"\u003e\u003c!-- raw HTML omitted --\u003e(c594d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003emockThrow\u003c/code\u003e and \u003ccode\u003emockThrowOnce\u003c/code\u003e  -  by \u003ca href=\"https://github.com/thor-juhasz\"\u003e\u003ccode\u003e@​thor-juhasz\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9512\"\u003evitest-dev/vitest#9512\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/619179fb7\"\u003e\u003c!-- raw HTML omitted --\u003e(61917)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eupdate: \u0026quot;none\u0026quot;\u003c/code\u003e and add docs about snapshots behavior on CI  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9700\"\u003evitest-dev/vitest#9700\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/05f1854e2\"\u003e\u003c!-- raw HTML omitted --\u003e(05f18)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright \u003ccode\u003elaunchOptions\u003c/code\u003e with \u003ccode\u003econnectOptions\u003c/code\u003e  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9702\"\u003evitest-dev/vitest#9702\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f0ff1b2a0\"\u003e\u003c!-- raw HTML omitted --\u003e(f0ff1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003epage/locator.mark\u003c/code\u003e API to enhance playwright trace  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9652\"\u003evitest-dev/vitest#9652\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d0ee546fe\"\u003e\u003c!-- raw HTML omitted --\u003e(d0ee5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport tests starting or ending with \u003ccode\u003etest\u003c/code\u003e in \u003ccode\u003eexperimental_parseSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/jgillick\"\u003e\u003ccode\u003e@​jgillick\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eJeremy Gillick\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9235\"\u003evitest-dev/vitest#9235\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2f367fad3\"\u003e\u003c!-- raw HTML omitted --\u003e(2f367)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd filters to \u003ccode\u003ecreateSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9336\"\u003evitest-dev/vitest#9336\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8e6c7fbf\"\u003e\u003c!-- raw HTML omitted --\u003e(c8e6c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003erunTestFiles\u003c/code\u003e as alternative to \u003ccode\u003erunTestSpecifications\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9443\"\u003evitest-dev/vitest#9443\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/43d761821\"\u003e\u003c!-- raw HTML omitted --\u003e(43d76)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9350\"\u003evitest-dev/vitest#9350\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/20e00ef78\"\u003e\u003c!-- raw HTML omitted --\u003e(20e00)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow passing down test cases to \u003ccode\u003etoTestSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9627\"\u003evitest-dev/vitest#9627\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6f17d5ddf\"\u003e\u003c!-- raw HTML omitted --\u003e(6f17d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003euserEvent.wheel\u003c/code\u003e API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9188\"\u003evitest-dev/vitest#9188\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/660801979\"\u003e\u003c!-- raw HTML omitted --\u003e(66080)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efilterNode\u003c/code\u003e option to prettyDOM for filtering browser assertion error output  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9475\"\u003evitest-dev/vitest#9475\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d3220fcd8\"\u003e\u003c!-- raw HTML omitted --\u003e(d3220)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright persistent context  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9229\"\u003evitest-dev/vitest#9229\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f865d2ba4\"\u003e\u003c!-- raw HTML omitted --\u003e(f865d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edetailsPanelPosition\u003c/code\u003e option and button  -  by \u003ca href=\"https://github.com/shairez\"\u003e\u003ccode\u003e@​shairez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9525\"\u003evitest-dev/vitest#9525\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8a31147c\"\u003e\u003c!-- raw HTML omitted --\u003e(c8a31)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse BlazeDiff instead of pixelmatch  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9514\"\u003evitest-dev/vitest#9514\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/309362089\"\u003e\u003c!-- raw HTML omitted --\u003e(30936)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efindElement\u003c/code\u003e and enable strict mode in webdriverio and preview  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9677\"\u003evitest-dev/vitest#9677\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3f37721c\"\u003e\u003c!-- raw HTML omitted --\u003e(c3f37)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/bomb\"\u003e\u003ccode\u003e@​bomb\u003c/code\u003e\u003c/a\u003e.sh/tab completions  -  by \u003ca href=\"https://github.com/AmirSa12\"\u003e\u003ccode\u003e@​AmirSa12\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8639\"\u003evitest-dev/vitest#8639\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/200f31704\"\u003e\u003c!-- raw HTML omitted --\u003e(200f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003eignore start/stop\u003c/code\u003e ignore hints  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9204\"\u003evitest-dev/vitest#9204\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e59c94ba6\"\u003e\u003c!-- raw HTML omitted --\u003e(e59c9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecoverage.changed\u003c/code\u003e option to report only changed files  -  by \u003ca href=\"https://github.com/kykim00\"\u003e\u003ccode\u003e@​kykim00\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9521\"\u003evitest-dev/vitest#9521\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1d9392c67\"\u003e\u003c!-- raw HTML omitted --\u003e(1d939)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eexperimental\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonModuleRunner\u003c/code\u003e hook to \u003ccode\u003eworker.init\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9286\"\u003evitest-dev/vitest#9286\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e977f3deb\"\u003e\u003c!-- raw HTML omitted --\u003e(e977f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOption to disable the module runner  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9210\"\u003evitest-dev/vitest#9210\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9be6121ee\"\u003e\u003c!-- raw HTML omitted --\u003e(9be61)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/4150b913171bda3971a4a4c47c633c26d0c6ae45\"\u003e\u003ccode\u003e4150b91\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/1de0aa22dd6311a93546a75a3c58a6be519c1baf\"\u003e\u003ccode\u003e1de0aa2\u003c/code\u003e\u003c/a\u003e fix: correctly identify concurrent test during static analysis (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9846\"\u003e#9846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3cac1c1b5a91d921942e9391fbd94841717363f\"\u003e\u003ccode\u003ec3cac1c\u003c/code\u003e\u003c/a\u003e fix: use isAgent check, not just TTY, for watch mode (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9841\"\u003e#9841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/eab68ba2b8ea6f89717c0b885c573579659d7c3b\"\u003e\u003ccode\u003eeab68ba\u003c/code\u003e\u003c/a\u003e chore(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9824\"\u003e#9824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/031f02a89be34491c441b4da9c4e2bacb7db71df\"\u003e\u003ccode\u003e031f02a\u003c/code\u003e\u003c/a\u003e fix: allow catch/finally for async assertion (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9827\"\u003e#9827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e9e096a231fa0ec6475da82e36cbd6fcc9bc8f9\"\u003e\u003ccode\u003e3e9e096\u003c/code\u003e\u003c/a\u003e feat(reporters): add \u003ccode\u003eagent\u003c/code\u003e reporter to reduce ai agent token usage (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9779\"\u003e#9779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/0c2c01361a95dd26d0d7fd7bc38bcca8dbc6e5d2\"\u003e\u003ccode\u003e0c2c013\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0-beta.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/8181e06e765f4d043818b244c76795022fa78ff6\"\u003e\u003ccode\u003e8181e06\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003ehideSkippedTests\u003c/code\u003e should not hide \u003ccode\u003etest.todo\u003c/code\u003e (fix \u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9562\"\u003e#9562\u003c/a\u003e) (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9781\"\u003e#9781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a8216b0014b83612e40ef49f919d5293b68717b3\"\u003e\u003ccode\u003ea8216b0\u003c/code\u003e\u003c/a\u003e fix: manual and redirect mock shouldn't \u003ccode\u003eload\u003c/code\u003e or \u003ccode\u003etransform\u003c/code\u003e original module...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/689a22a1b8c79595f6f4ae82d2b43c895d7f1c50\"\u003e\u003ccode\u003e689a22a\u003c/code\u003e\u003c/a\u003e fix(browser): types of \u003ccode\u003egetCDPSession\u003c/code\u003e and \u003ccode\u003ecdp()\u003c/code\u003e (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9716\"\u003e#9716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.12.1 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.12.1...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.212.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.212.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 6.8.8 to 7.5.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1af8454538b63d58b822ea9d20b935f2ac9f158c\"\u003e1af8454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/785416fd2b9827e4cb9bfccd823c3b6836baffb0\"\u003e785416f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a9ffc8a7b593209642fc9d89e884ac6c4e746494\"\u003ea9ffc8a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution and tests (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/68b5339ea1936c90f526983da29b4267d20f9a51\"\u003e68b5339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution for protobuf editions (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/547afa26f76e22e5463a17aec082b0b60cd951d8\"\u003e547afa2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e\u003ccode\u003e6406d4c\u003c/code\u003e\u003c/a\u003e fix: optimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e\u003ccode\u003e56782bf\u003c/code\u003e\u003c/a\u003e fix: reserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1dbcfe322899aca50fb82916db7802f647f23f0e\"\u003e\u003ccode\u003e1dbcfe3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2035\"\u003e#2035\u003c/a\u003e from protobufjs/release-please--branches--master\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/6.8.8...protobufjs-v7.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 4.0.18 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eVitest 4.1 is out!\u003c/p\u003e\n\u003cp\u003eThis release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our \u003ca href=\"https://vitest.dev/blog/vitest-4-1\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn a disposable from doMock()  -  by \u003ca href=\"https://github.com/kirkwaiblinger\"\u003e\u003ccode\u003e@​kirkwaiblinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9332\"\u003evitest-dev/vitest#9332\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e3e659a96\"\u003e\u003c!-- raw HTML omitted --\u003e(e3e65)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded chai style assertions  -  by \u003ca href=\"https://github.com/ronnakamoto\"\u003e\u003ccode\u003e@​ronnakamoto\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8842\"\u003evitest-dev/vitest#8842\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/841df9ac5\"\u003e\u003c!-- raw HTML omitted --\u003e(841df)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to sinon/fake-timers v15 and add \u003ccode\u003esetTickMode\u003c/code\u003e to timer controls  -  by \u003ca href=\"https://github.com/atscott\"\u003e\u003ccode\u003e@​atscott\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8726\"\u003evitest-dev/vitest#8726\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4b480aaed\"\u003e\u003c!-- raw HTML omitted --\u003e(4b480)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose matcher types  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9448\"\u003evitest-dev/vitest#9448\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e4b913b1\"\u003e\u003c!-- raw HTML omitted --\u003e(3e4b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etoTestSpecification\u003c/code\u003e to reported tasks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9464\"\u003evitest-dev/vitest#9464\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1a4705da9\"\u003e\u003c!-- raw HTML omitted --\u003e(1a470)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow a warning if \u003ccode\u003evi.mock\u003c/code\u003e or \u003ccode\u003evi.hoisted\u003c/code\u003e are declared outside of top level of the module  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9387\"\u003evitest-dev/vitest#9387\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5db54a468\"\u003e\u003c!-- raw HTML omitted --\u003e(5db54)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTrack and display expectedly failed tests (.fails) in UI and CLI  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9476\"\u003evitest-dev/vitest#9476\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/77d75fd34\"\u003e\u003c!-- raw HTML omitted --\u003e(77d75)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport tags  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9478\"\u003evitest-dev/vitest#9478\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/de7c8a521\"\u003e\u003c!-- raw HTML omitted --\u003e(de7c8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earoundEach\u003c/code\u003e and \u003ccode\u003earoundAll\u003c/code\u003e hooks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9450\"\u003evitest-dev/vitest#9450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2a8cb9dc2\"\u003e\u003c!-- raw HTML omitted --\u003e(2a8cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStabilize experimental features  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9529\"\u003evitest-dev/vitest#9529\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b5fd2a16a\"\u003e\u003c!-- raw HTML omitted --\u003e(b5fd2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003enew\u003c/code\u003e or \u003ccode\u003eall\u003c/code\u003e in \u003ccode\u003e--update\u003c/code\u003e flag  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9543\"\u003evitest-dev/vitest#9543\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a5acf28a5\"\u003e\u003c!-- raw HTML omitted --\u003e(a5acf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eS...\n\n_Description has been truncated_","html_url":"https://github.com/Mushy-Snugglebites-badonkadonk/openclaw/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mushy-Snugglebites-badonkadonk%2Fopenclaw/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4612393802","node_id":"PR_kwDOSRFYos7j4Fx2","number":37,"state":"closed","title":"deps(deps): bump the major group with 56 updates","user":"dependabot[bot]","labels":["invalid","dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-08T11:16:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-08T11:15:43.000Z","updated_at":"2026-06-08T11:16:09.000Z","time_to_close":17,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): bump","group_name":"major","update_count":56,"packages":[{"name":"body-parser","old_version":"1.20.5","new_version":"2.2.2","repository_url":"https://github.com/expressjs/body-parser"},{"name":"check-dependencies","old_version":"1.1.1","new_version":"2.0.0","repository_url":"https://github.com/mgol/check-dependencies"},{"name":"config","old_version":"3.3.12","new_version":"4.4.1","repository_url":"https://github.com/node-config/node-config"},{"name":"express","old_version":"4.22.2","new_version":"5.2.1","repository_url":"https://github.com/expressjs/express"},{"name":"express-jwt","old_version":"0.1.3","new_version":"8.5.1","repository_url":"https://github.com/auth0/express-jwt"},{"name":"express-rate-limit","old_version":"7.5.1","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"express-robots-txt","old_version":"0.5.0","new_version":"1.0.0","repository_url":"https://github.com/modosc/express-robots-txt"},{"name":"file-type","old_version":"16.5.4","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"fs-extra","old_version":"9.1.0","new_version":"11.3.5","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"fuzzball","old_version":"1.4.0","new_version":"2.2.6","repository_url":"https://github.com/nol13/fuzzball.js"},{"name":"glob","old_version":"10.5.0","new_version":"13.0.6","repository_url":"https://github.com/isaacs/node-glob"},{"name":"grunt-contrib-compress","old_version":"1.6.0","new_version":"2.0.0","repository_url":"https://github.com/gruntjs/grunt-contrib-compress"},{"name":"helmet","old_version":"4.6.0","new_version":"8.2.0","repository_url":"https://github.com/helmetjs/helmet"},{"name":"html-entities","old_version":"1.4.0","new_version":"2.6.0","repository_url":"https://github.com/mdevils/html-entities"},{"name":"js-yaml","old_version":"3.14.2","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jsonwebtoken","old_version":"0.4.0","new_version":"9.0.3","repository_url":"https://github.com/auth0/node-jsonwebtoken"},{"name":"multer","old_version":"1.4.5-lts.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"otplib","old_version":"12.0.1","new_version":"13.4.1","repository_url":"https://github.com/yeojz/otplib"},{"name":"prom-client","old_version":"14.2.0","new_version":"15.1.3","repository_url":"https://github.com/siimon/prom-client"},{"name":"sanitize-html","old_version":"1.4.2","new_version":"2.17.4","repository_url":"https://github.com/apostrophecms/apostrophe"},{"name":"socket.io","old_version":"3.1.2","new_version":"4.8.3","repository_url":"https://github.com/socketio/socket.io"},{"name":"sqlite3","old_version":"5.1.7","new_version":"6.0.1","repository_url":"https://github.com/TryGhost/node-sqlite3"},{"name":"ts-node-dev","old_version":"1.1.8","new_version":"2.0.0","repository_url":"https://github.com/whitecolor/ts-node-dev"},{"name":"@types/chai","old_version":"4.3.20","new_version":"5.2.3","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/config","old_version":"3.3.5","new_version":"4.4.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/diff","old_version":"7.0.2","new_version":"8.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/express","old_version":"4.17.25","new_version":"5.0.6","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/express-jwt","old_version":"6.0.4","new_version":"7.4.4","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/fs-extra","old_version":"9.0.13","new_version":"11.0.4","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/glob","old_version":"7.2.0","new_version":"9.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/jest","old_version":"26.0.24","new_version":"30.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/js-yaml","old_version":"3.12.10","new_version":"4.0.9","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/jsonwebtoken","old_version":"8.5.9","new_version":"9.0.10","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/mocha","old_version":"8.2.3","new_version":"10.0.10","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/multer","old_version":"1.4.13","new_version":"2.1.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/node","old_version":"20.19.42","new_version":"25.9.2","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sanitize-html","old_version":"1.27.2","new_version":"2.16.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sequelize","old_version":"4.28.20","new_version":"6.12.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sinon","old_version":"10.0.20","new_version":"21.0.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sinon-chai","old_version":"3.2.12","new_version":"4.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/socket.io","old_version":"2.1.13","new_version":"3.0.2","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/socket.io-client","old_version":"1.4.36","new_version":"3.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@typescript-eslint/eslint-plugin","old_version":"6.18.1","new_version":"8.60.1","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"@typescript-eslint/parser","old_version":"6.18.1","new_version":"8.60.1","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"chai","old_version":"4.5.0","new_version":"6.2.2","repository_url":"https://github.com/chaijs/chai"},{"name":"concurrently","old_version":"5.3.0","new_version":"10.0.3","repository_url":"https://github.com/open-cli-tools/concurrently"},{"name":"cypress","old_version":"13.17.0","new_version":"15.16.0","repository_url":"https://github.com/cypress-io/cypress"},{"name":"eslint","old_version":"8.57.1","new_version":"10.4.1","repository_url":"https://github.com/eslint/eslint"},{"name":"eslint-plugin-promise","old_version":"6.6.0","new_version":"7.3.0","repository_url":"https://github.com/eslint-community/eslint-plugin-promise"},{"name":"jest","old_version":"29.7.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"mocha","old_version":"8.4.0","new_version":"11.7.6","repository_url":"https://github.com/mochajs/mocha"},{"name":"nyc","old_version":"15.1.0","new_version":"18.0.0","repository_url":"https://github.com/istanbuljs/nyc"},{"name":"sinon","old_version":"11.1.2","new_version":"22.0.0","repository_url":"https://github.com/sinonjs/sinon"},{"name":"sinon-chai","old_version":"3.7.0","new_version":"4.0.1","repository_url":"https://github.com/chaijs/sinon-chai"},{"name":"socket.io-client","old_version":"3.1.3","new_version":"4.8.3","repository_url":"https://github.com/socketio/socket.io"},{"name":"typescript","old_version":"5.3.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the major group with 56 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [body-parser](https://github.com/expressjs/body-parser) | `1.20.5` | `2.2.2` |\n| [check-dependencies](https://github.com/mgol/check-dependencies) | `1.1.1` | `2.0.0` |\n| [config](https://github.com/node-config/node-config) | `3.3.12` | `4.4.1` |\n| [express](https://github.com/expressjs/express) | `4.22.2` | `5.2.1` |\n| [express-jwt](https://github.com/auth0/express-jwt) | `0.1.3` | `8.5.1` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `7.5.1` | `8.5.2` |\n| [express-robots-txt](https://github.com/modosc/express-robots-txt) | `0.5.0` | `1.0.0` |\n| [file-type](https://github.com/sindresorhus/file-type) | `16.5.4` | `22.0.1` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `9.1.0` | `11.3.5` |\n| [fuzzball](https://github.com/nol13/fuzzball.js) | `1.4.0` | `2.2.6` |\n| [glob](https://github.com/isaacs/node-glob) | `10.5.0` | `13.0.6` |\n| [grunt-contrib-compress](https://github.com/gruntjs/grunt-contrib-compress) | `1.6.0` | `2.0.0` |\n| [helmet](https://github.com/helmetjs/helmet) | `4.6.0` | `8.2.0` |\n| [html-entities](https://github.com/mdevils/html-entities) | `1.4.0` | `2.6.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.2` | `4.2.0` |\n| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `0.4.0` | `9.0.3` |\n| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.2` | `2.1.1` |\n| [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib) | `12.0.1` | `13.4.1` |\n| [prom-client](https://github.com/siimon/prom-client) | `14.2.0` | `15.1.3` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `1.4.2` | `2.17.4` |\n| [socket.io](https://github.com/socketio/socket.io) | `3.1.2` | `4.8.3` |\n| [sqlite3](https://github.com/TryGhost/node-sqlite3) | `5.1.7` | `6.0.1` |\n| [ts-node-dev](https://github.com/whitecolor/ts-node-dev) | `1.1.8` | `2.0.0` |\n| [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai) | `4.3.20` | `5.2.3` |\n| [@types/config](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/config) | `3.3.5` | `4.4.0` |\n| [@types/diff](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/diff) | `7.0.2` | `8.0.0` |\n| [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `4.17.25` | `5.0.6` |\n| [@types/express-jwt](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express-jwt) | `6.0.4` | `7.4.4` |\n| [@types/fs-extra](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/fs-extra) | `9.0.13` | `11.0.4` |\n| [@types/glob](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/glob) | `7.2.0` | `9.0.0` |\n| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `26.0.24` | `30.0.0` |\n| [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) | `3.12.10` | `4.0.9` |\n| [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) | `8.5.9` | `9.0.10` |\n| [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) | `8.2.3` | `10.0.10` |\n| [@types/multer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/multer) | `1.4.13` | `2.1.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.42` | `25.9.2` |\n| [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html) | `1.27.2` | `2.16.1` |\n| [@types/sequelize](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sequelize) | `4.28.20` | `6.12.0` |\n| [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) | `10.0.20` | `21.0.1` |\n| [@types/sinon-chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon-chai) | `3.2.12` | `4.0.0` |\n| [@types/socket.io](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/socket.io) | `2.1.13` | `3.0.2` |\n| [@types/socket.io-client](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/socket.io-client) | `1.4.36` | `3.0.0` |\n| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `6.18.1` | `8.60.1` |\n| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.18.1` | `8.60.1` |\n| [chai](https://github.com/chaijs/chai) | `4.5.0` | `6.2.2` |\n| [concurrently](https://github.com/open-cli-tools/concurrently) | `5.3.0` | `10.0.3` |\n| [cypress](https://github.com/cypress-io/cypress) | `13.17.0` | `15.16.0` |\n| [eslint](https://github.com/eslint/eslint) | `8.57.1` | `10.4.1` |\n| [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) | `6.6.0` | `7.3.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.7.0` | `30.4.2` |\n| [mocha](https://github.com/mochajs/mocha) | `8.4.0` | `11.7.6` |\n| [nyc](https://github.com/istanbuljs/nyc) | `15.1.0` | `18.0.0` |\n| [sinon](https://github.com/sinonjs/sinon) | `11.1.2` | `22.0.0` |\n| [sinon-chai](https://github.com/chaijs/sinon-chai) | `3.7.0` | `4.0.1` |\n| [socket.io-client](https://github.com/socketio/socket.io) | `3.1.3` | `4.8.3` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.3.3` | `6.0.3` |\n\nUpdates `body-parser` from 1.20.5 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README links by \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: release notes for the v1.20.4 release by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/674\"\u003eexpressjs/body-parser#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update URL-encoded parser description to include ISO-8859-1 encoding support by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/679\"\u003eexpressjs/body-parser#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use standard jsdoc tags everywhere by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/677\"\u003eexpressjs/body-parser#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/689\"\u003eexpressjs/body-parser#689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/693\"\u003eexpressjs/body-parser#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.2.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/691\"\u003eexpressjs/body-parser#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\"\u003ehttps://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.1\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-13466\"\u003eCVE-2025-13466\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add dependabot by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/593\"\u003eexpressjs/body-parser#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use full SHAs for github action versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/594\"\u003eexpressjs/body-parser#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: type-is@^2.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/599\"\u003eexpressjs/body-parser#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/609\"\u003eexpressjs/body-parser#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/610\"\u003eexpressjs/body-parser#610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/611\"\u003eexpressjs/body-parser#611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/613\"\u003eexpressjs/body-parser#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/612\"\u003eexpressjs/body-parser#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add codeql github workflows scanning by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/614\"\u003eexpressjs/body-parser#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update CodeQL config to ignore the test directory by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/615\"\u003eexpressjs/body-parser#615\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/620\"\u003eexpressjs/body-parser#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/619\"\u003eexpressjs/body-parser#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): unpin devDependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/616\"\u003eexpressjs/body-parser#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/621\"\u003eexpressjs/body-parser#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/623\"\u003eexpressjs/body-parser#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/624\"\u003eexpressjs/body-parser#624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/617\"\u003eexpressjs/body-parser#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/625\"\u003eexpressjs/body-parser#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/630\"\u003eexpressjs/body-parser#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: move common request validation to read function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/600\"\u003eexpressjs/body-parser#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump iconv-lite by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/631\"\u003eexpressjs/body-parser#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: pull beta changelog forward into 2.0.0 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/629\"\u003eexpressjs/body-parser#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: optimize raw and text parsers with shared passthrough function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/634\"\u003eexpressjs/body-parser#634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/640\"\u003eexpressjs/body-parser#640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/639\"\u003eexpressjs/body-parser#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/636\"\u003eexpressjs/body-parser#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/637\"\u003eexpressjs/body-parser#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/638\"\u003eexpressjs/body-parser#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: raw-body@^3.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/641\"\u003eexpressjs/body-parser#641\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/master/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.2.2 / 2026-01-07\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@^6.14.1\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.1 / 2025-11-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.1\u003c/li\u003e\n\u003cli\u003eiconv-lite@^0.7.0\n\u003cul\u003e\n\u003cli\u003eHandle split surrogate pairs when encoding UTF-8\u003c/li\u003e\n\u003cli\u003eAvoid false positives in \u003ccode\u003eencodingExists\u003c/code\u003e by using prototype-less objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eraw-body@^3.0.1\u003c/li\u003e\n\u003cli\u003edebug@^4.4.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.0 / 2025-03-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: normalize common options for all parsers\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003eiconv-lite@^0.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.1.0 / 2025-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.0\u003c/li\u003e\n\u003cli\u003edebug@^4.4.0\u003c/li\u003e\n\u003cli\u003eRemoved destroy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003erefactor: prefix built-in node module imports\u003c/li\u003e\n\u003cli\u003euse the node require cache instead of custom caching\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.0.2 / 2024-10-31\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eremove \u003ccode\u003eunpipe\u003c/code\u003e package and use native \u003ccode\u003eunpipe()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.0.1 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore expected behavior \u003ccode\u003eextended\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.0.0 / 2024-09-10\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode.js 18 is the minimum supported version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/3d248660b2e8b66732b232d7c758517fbf2420a6\"\u003e\u003ccode\u003e3d24866\u003c/code\u003e\u003c/a\u003e 2.2.2 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/8474a984c3ba36a1b4328ce019833b99caa0f08f\"\u003e\u003ccode\u003e8474a98\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/03f17c2538552a57e6be537afca8c7587bd40aaa\"\u003e\u003ccode\u003e03f17c2\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/689\"\u003e#689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ea1f25e503c1b2f7ba6f8562724ae0fcd247fb75\"\u003e\u003ccode\u003eea1f25e\u003c/code\u003e\u003c/a\u003e docs: use standard jsdoc tags everywhere (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d7deef8ec61307fa28c22bc443cf8ed2f267945a\"\u003e\u003ccode\u003ed7deef8\u003c/code\u003e\u003c/a\u003e docs: update URL-encoded parser description to include ISO-8859-1 encoding su...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b6f52aabc65137c5227c8a462bddb761daeb96e7\"\u003e\u003ccode\u003eb6f52aa\u003c/code\u003e\u003c/a\u003e docs: release notes for the v1.20.4 release (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2965ca4af4883109cb2f651f4ce12da310902a0c\"\u003e\u003ccode\u003e2965ca4\u003c/code\u003e\u003c/a\u003e docs: update links (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb\"\u003e\u003ccode\u003ed96b63d\u003c/code\u003e\u003c/a\u003e 2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63\"\u003e\u003ccode\u003eb204886\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2025-13466\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251\"\u003e\u003ccode\u003ee20e351\u003c/code\u003e\u003c/a\u003e feat: remove \u003ccode\u003ehistory.md\u003c/code\u003e from being packaged on publish (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/660\"\u003e#660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.5...v2.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `check-dependencies` from 1.1.1 to 2.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mgol/check-dependencies/releases\"\u003echeck-dependencies's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003cp\u003eNotable non-breaking changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esupport npm package aliases (\u003ca href=\"https://redirect.github.com/mgol/check-dependencies/issues/50\"\u003e#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereduced a number of external dependencies\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003enpm prune\u003c/code\u003e is no longer called as\u003ccode\u003enpm install\u003c/code\u003e already prunes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBreaking changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edropped the callback interface - use promises instead\u003c/li\u003e\n\u003cli\u003edropped the \u003ccode\u003echeckCustomPackageNames\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003eCLI argument parsing is more strict now; camelCase parameter versions like \u003ccode\u003e--packageDir\u003c/code\u003e are no longer supported; use their kebab-case versions like \u003ccode\u003e--package-dir\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003edropped Bower support\u003c/li\u003e\n\u003cli\u003edropped support for Node.js \u003ccode\u003e\u0026lt;18.3\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/03c88471d9b99857bcc78171fc5dd89a4a402a16\"\u003e\u003ccode\u003e03c8847\u003c/code\u003e\u003c/a\u003e Tag 2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/65d9ef555c2e986b849e7abeac0474bfee663b0e\"\u003e\u003ccode\u003e65d9ef5\u003c/code\u003e\u003c/a\u003e Set Node.js requirement in package.json engines to \u0026gt;=18.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/4917ab0b9362530a95cc2bef028c2a6dcedf2ab7\"\u003e\u003ccode\u003e4917ab0\u003c/code\u003e\u003c/a\u003e Simplify the spawn logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/fc04cc87fe4284c083702e36a9a4055034d9fcc9\"\u003e\u003ccode\u003efc04cc8\u003c/code\u003e\u003c/a\u003e Drop support for the callback interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/28257dd04168aab66793fd0fe8ed0f46d52abec9\"\u003e\u003ccode\u003e28257dd\u003c/code\u003e\u003c/a\u003e Tweak ESLint settings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/dc16e8ac809502cf7509ef2de7429895b806535e\"\u003e\u003ccode\u003edc16e8a\u003c/code\u003e\u003c/a\u003e Drop the bluebird devDependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/412337ae3691296cbe7c2d69f0c51201894afc07\"\u003e\u003ccode\u003e412337a\u003c/code\u003e\u003c/a\u003e Drop fs-extra \u0026amp; graceful-fs devDependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/091279a22472c299cbdba0ab6e3e8a2dfbba11b5\"\u003e\u003ccode\u003e091279a\u003c/code\u003e\u003c/a\u003e Drop the findup-sync dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/10ac9c5b2ed92cdad11ce0f390551072e7509f18\"\u003e\u003ccode\u003e10ac9c5\u003c/code\u003e\u003c/a\u003e Drop lodash.camelcase \u0026amp; minimist dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/35dce52450b99241942c24d18a572c55fecc44d9\"\u003e\u003ccode\u003e35dce52\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mgol/check-dependencies/compare/1.1.1...2.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `config` from 3.3.12 to 4.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-config/node-config/releases\"\u003econfig's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes for some method signature declarations\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.4.0...v4.4.1\"\u003ehttps://github.com/node-config/node-config/compare/v4.4.0...v4.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTypescript types added to project by \u003ca href=\"https://github.com/mdkitzman\"\u003e\u003ccode\u003e@​mdkitzman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewithModuleDefaults()\u003c/code\u003e function added to support separate module defaults for multiple versions\u003c/li\u003e\n\u003cli\u003eRework raw.js to function like the new defer mechanism.\u003c/li\u003e\n\u003cli\u003e./raw.js is also now deprecated, and will be removed in 5.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mdkitzman\"\u003e\u003ccode\u003e@​mdkitzman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/877\"\u003enode-config/node-config#877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.3.0...v4.4.0\"\u003ehttps://github.com/node-config/node-config/compare/v4.3.0...v4.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003enew callback mechanism for handling deferred and async configuration evaluation\u003c/li\u003e\n\u003cli\u003e./async.js and ./defer.js are now deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Async and Deferred mechanism\u003c/h3\u003e\n\u003cp\u003eInstead of using async.js and defer.js, your executable config files can return a synchronous or asynchronous function. Note that if you use async deferred functions through the new mechanism, \u003cstrong\u003eyou need to call Util.resolveAsyncConfig()\u003c/strong\u003e instead of the old version.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eUtil.resolveAsyncConfig()\u003c/code\u003e also fixes an issue where using defer in an array did not function properly \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/876\"\u003e#876\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe old implementations have been marked as deprecated and will issue warnings to console.error to indicate use of the old pathways. The old functions are incompatible with ESM loading conventions and will be removed at the beginning of the 5.0 cycle to facilitate conversion of the library to ESM.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.2.1...v4.3.0\"\u003ehttps://github.com/node-config/node-config/compare/v4.2.1...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore config.util.getEnv() by \u003ca href=\"https://github.com/jdmarshall\"\u003e\u003ccode\u003e@​jdmarshall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/874\"\u003enode-config/node-config#874\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.2.0...v4.2.1\"\u003ehttps://github.com/node-config/node-config/compare/v4.2.0...v4.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDelete deprecated functions in Config.util, and associated tests. by \u003ca href=\"https://github.com/jdmarshall\"\u003e\u003ccode\u003e@​jdmarshall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/845\"\u003enode-config/node-config#845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDefault to yaml over js-yaml by \u003ca href=\"https://github.com/jdmarshall\"\u003e\u003ccode\u003e@​jdmarshall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/859\"\u003enode-config/node-config#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAll deprecated functions in config.util have been removed. Please use lib/util for similar functionality\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/878648c638abb25dcfa9673defff3068802fa383\"\u003e\u003ccode\u003e878648c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/892\"\u003e#892\u003c/a\u003e from jdmarshall/typefixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/506149bfce3b4101e2d323433d8da57a51cc7f33\"\u003e\u003ccode\u003e506149b\u003c/code\u003e\u003c/a\u003e Fix some type declarations, including those for \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/890\"\u003e#890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/228c4ad3c62769dbb0ea336d25c182c8fb547195\"\u003e\u003ccode\u003e228c4ad\u003c/code\u003e\u003c/a\u003e 4.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/407f80c51d8532bb00cb01fa12c7d662645af27d\"\u003e\u003ccode\u003e407f80c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/888\"\u003e#888\u003c/a\u003e from jdmarshall/getRegression\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/d71db3c92f0d8d1c20ca6f6574f0c30d1e05c819\"\u003e\u003ccode\u003ed71db3c\u003c/code\u003e\u003c/a\u003e Update baseline and add 4.3 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/10b0c8e6d60e4524b5a7c1c8636ed7a1c279325a\"\u003e\u003ccode\u003e10b0c8e\u003c/code\u003e\u003c/a\u003e Fix perf regression in Config.get()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/2d3e179877fc0c51ca180f17f3cde0919b5b1bf9\"\u003e\u003ccode\u003e2d3e179\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/887\"\u003e#887\u003c/a\u003e from jdmarshall/benchmarks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/a35a7cd400feebbaf6a67d51e16a76e16af699e7\"\u003e\u003ccode\u003ea35a7cd\u003c/code\u003e\u003c/a\u003e Matrix builds and separate benchmarks from ci run.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/1156350d94230466fa325103169e14618038d5ca\"\u003e\u003ccode\u003e1156350\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/883\"\u003e#883\u003c/a\u003e from jdmarshall/readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/f9d2818455b20404814c668c6472c37dd1b4e227\"\u003e\u003ccode\u003ef9d2818\u003c/code\u003e\u003c/a\u003e Fix badges and Release Notes link.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/node-config/node-config/compare/v3.3.12...v4.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jdmarshall\"\u003ejdmarshall\u003c/a\u003e, a new releaser for config since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.22.2 to 5.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003cbr /\u003e\nThe prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease: 5.2.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6933\"\u003eexpressjs/express#6933\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/expressjs/express/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6429\"\u003eexpressjs/express#6429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: simplify \u003ccode\u003eacceptsLanguages\u003c/code\u003e implementation using spread operator by \u003ca href=\"https://github.com/Ayoub-Mabrouk\"\u003e\u003ccode\u003e@​Ayoub-Mabrouk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6137\"\u003eexpressjs/express#6137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eincreased code coverage of utils.js file by \u003ca href=\"https://github.com/ashish3011\"\u003e\u003ccode\u003e@​ashish3011\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6386\"\u003eexpressjs/express#6386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: remove duplicate word by \u003ca href=\"https://github.com/dufucun\"\u003e\u003ccode\u003e@​dufucun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6456\"\u003eexpressjs/express#6456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6498\"\u003eexpressjs/express#6498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6497\"\u003eexpressjs/express#6497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6496\"\u003eexpressjs/express#6496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6504\"\u003eexpressjs/express#6504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update codeql config by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6488\"\u003eexpressjs/express#6488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6512\"\u003eexpressjs/express#6512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix typos in test by \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6535\"\u003eexpressjs/express#6535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: disable credential persistence for checkout actions by \u003ca href=\"https://github.com/mertssmnoglu\"\u003e\u003ccode\u003e@​mertssmnoglu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6522\"\u003eexpressjs/express#6522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: allow manual triggering of workflow by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6515\"\u003eexpressjs/express#6515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: add coverage for app.listen() variants by \u003ca href=\"https://github.com/kgarg1\"\u003e\u003ccode\u003e@​kgarg1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6476\"\u003eexpressjs/express#6476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: move documentation and charters to the discussions and .github … by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6427\"\u003eexpressjs/express#6427\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6549\"\u003eexpressjs/express#6549\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6548\"\u003eexpressjs/express#6548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: enforce explicit \u003ccode\u003eBuffer\u003c/code\u003e import and add lint rule by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6525\"\u003eexpressjs/express#6525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: use node protocol for querystring by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6520\"\u003eexpressjs/express#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix typo by \u003ca href=\"https://github.com/mountdisk\"\u003e\u003ccode\u003e@​mountdisk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6609\"\u003eexpressjs/express#6609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6618\"\u003eexpressjs/express#6618\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd deprecation warnings for redirect arguments undefined by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6405\"\u003eexpressjs/express#6405\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: run CI when the markdown changes by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6632\"\u003eexpressjs/express#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: fix CONTRIBUTING link by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6653\"\u003eexpressjs/express#6653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: update contributing guidelines and code of conduct links by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6601\"\u003eexpressjs/express#6601\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump morgan from 1.10.0 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6679\"\u003eexpressjs/express#6679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6678\"\u003eexpressjs/express#6678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elint: add --fix flag to automatic fix linting issue by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6644\"\u003eexpressjs/express#6644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: ignore yarn.lock file and update example by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6588\"\u003eexpressjs/express#6588\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elib: use req.socket over deprecated req.connection by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6705\"\u003eexpressjs/express#6705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: update express app example by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6718\"\u003eexpressjs/express#6718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6675\"\u003eexpressjs/express#6675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove history.md from being packaged on publish by \u003ca href=\"https://github.com/sheplu\"\u003e\u003ccode\u003e@​sheplu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6780\"\u003eexpressjs/express#6780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/master/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.2.1 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRevert security fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.2.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003ebody-parser@^2.2.1\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eA deprecation warning was added when using \u003ccode\u003eres.redirect\u003c/code\u003e with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.1.0 / 2025-03-31\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eUint8Array\u003c/code\u003e in \u003ccode\u003eres.send()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for ETag option in \u003ccode\u003eres.sendFile()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for multiple links with the same rel in \u003ccode\u003eres.links()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd funding field to package.json\u003c/li\u003e\n\u003cli\u003eperf: use loop for acceptParams\u003c/li\u003e\n\u003cli\u003erefactor: prefix built-in node module imports\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003esetprototypeof\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003esafe-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003eutils-merge\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003emethods\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003edepd\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003edebug@^4.4.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003ebody-parser@^2.2.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003erouter@^2.2.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003econtent-type@^1.0.5\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003efinalhandler@^2.1.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003eqs@^6.14.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003eserver-static@2.2.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003etype-is@2.0.1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.0.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003ecookie\u003c/code\u003e semver lock to address \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.0.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eremove:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epath-is-absolute\u003c/code\u003e dependency - use \u003ccode\u003epath.isAbsolute\u003c/code\u003e instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ebreaking:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eres.status()\u003c/code\u003e accepts only integers, and input must be greater than 99 and less than 1000\n\u003cul\u003e\n\u003cli\u003ewill throw a \u003ccode\u003eRangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.\u003c/code\u003e for inputs outside this range\u003c/li\u003e\n\u003cli\u003ewill throw a \u003ccode\u003eTypeError: Invalid status code: ${code}. Status code must be an integer.\u003c/code\u003e for non integer inputs\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@1.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dbac741a49a5a64336b70c06e85c2e2706e36336\"\u003e\u003ccode\u003edbac741\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/697547cde621d8b0a47b4fff6e98b29337f8c980\"\u003e\u003ccode\u003e697547c\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;sec: security patch for CVE-2024-51999\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/4007ad103ba29f6426b2ec9eccfb1ceb792682a8\"\u003e\u003ccode\u003e4007ad1\u003c/code\u003e\u003c/a\u003e Release: 5.2.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255\"\u003e\u003ccode\u003e2f64f68\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/ed0ba3f1dc905d6b62eabf23bd383abcae4901ba\"\u003e\u003ccode\u003eed0ba3f\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6928\"\u003e#6928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8eace4603cb2547608578a4fbb259dc984216f71\"\u003e\u003ccode\u003e8eace46\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6929\"\u003e#6929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/30bae810279b2ea162bed5b14ce6c35a110a87f5\"\u003e\u003ccode\u003e30bae81\u003c/code\u003e\u003c/a\u003e build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6930\"\u003e#6930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/758d4355d45322b4c8cd347ebcefbf3b154c7e7f\"\u003e\u003ccode\u003e758d435\u003c/code\u003e\u003c/a\u003e deps: body-parser@^2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6922\"\u003e#6922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/77bcd5274a87047e5b3fe2f17f6c342db3909c53\"\u003e\u003ccode\u003e77bcd52\u003c/code\u003e\u003c/a\u003e docs: update emeritus triagers (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6890\"\u003e#6890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/f33caf1f89a028f0ea98ff5a156a68e65a2eabdd\"\u003e\u003ccode\u003ef33caf1\u003c/code\u003e\u003c/a\u003e Nominate to \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e for triage team (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6888\"\u003e#6888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/v4.22.2...v5.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express-jwt` from 0.1.3 to 8.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/express-jwt/blob/master/CHANGELOG.md\"\u003eexpress-jwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file starting from version \u003cstrong\u003ev4.0.0\u003c/strong\u003e.\nThis project adheres to \u003ca href=\"http://semver.org/\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.3.0 - 2023-01-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erequestProperty support for nested properties (\u003ca href=\"https://github.com/auth0/express-jwt/commit/bbd3606ce68da2602733d6e4ac32564570753ca1\"\u003ebbd3606ce68da2602733d6e4ac32564570753ca1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Typescript instructions in Readme.MD (\u003ca href=\"https://github.com/auth0/express-jwt/commit/3c1d5cf8a08a6afbcfc78640b8cdb26fac8002ca\"\u003e3c1d5cf8a08a6afbcfc78640b8cdb26fac8002ca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.2.1 - 2022-12-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd secret rotation example in readme. close \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/310\"\u003e#310\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/0000a44ed58aac97798007af19b0324f28acc436\"\u003e0000a44ed58aac97798007af19b0324f28acc436\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/310\"\u003e#310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate \u003ccode\u003e@​types/jsonwebtoken\u003c/code\u003e and fix deps in package-lock (\u003ca href=\"https://github.com/auth0/express-jwt/commit/2322a9b67a5b5c716f953a53a0bb4bbc696d0a11\"\u003e2322a9b67a5b5c716f953a53a0bb4bbc696d0a11\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.2.0 - 2022-12-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd an optional handler for expired tokens. closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/6048\"\u003e#6048\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/ca6c90ccbb4b61b91f417a5dfa56f0b931b81528\"\u003eca6c90ccbb4b61b91f417a5dfa56f0b931b81528\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/6048\"\u003e#6048\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.0 - 2022-12-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eupdate type to match jwks-rsa (\u003ca href=\"https://github.com/auth0/express-jwt/commit/bcad8af9cad82b3777cc38d1c05864a35f82bc53\"\u003ebcad8af9cad82b3777cc38d1c05864a35f82bc53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: export middleware options type. closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/308\"\u003e#308\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/25a30f0d50c02cc75ab17b09f3592e76e09f9666\"\u003e25a30f0d50c02cc75ab17b09f3592e76e09f9666\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/308\"\u003e#308\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.0 - 2022-12-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade jsonwebtoken to v9. \u003ca href=\"https://github.com/advisories/GHSA-27h2-hvpr-p74q\"\u003ehttps://github.com/advisories/GHSA-27h2-hvpr-p74q\u003c/a\u003e .\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.3 - 2022-05-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tsc build error for express-unless (\u003ca href=\"https://github.com/auth0/express-jwt/commit/e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198\"\u003ee1fe1d264bc5363e008d23fea9d8c5d2ac0d8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove esModuleInterop and fix assert import in tests (\u003ca href=\"https://github.com/auth0/express-jwt/commit/9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201\"\u003e9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.2 - 2022-05-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix instaceof comparison for UnauthorizedError. closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/292\"\u003e#292\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/6c87fe401ecba868feda1ffa530082c7c539321a\"\u003e6c87fe401ecba868feda1ffa530082c7c539321a\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/292\"\u003e#292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate changelog (\u003ca href=\"https://github.com/auth0/express-jwt/commit/b1344fa7f6f9dd3d27115a9107b3ef4323733895\"\u003eb1344fa7f6f9dd3d27115a9107b3ef4323733895\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.1 - 2022-05-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix readme and package-lock (\u003ca href=\"https://github.com/auth0/express-jwt/commit/7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1\"\u003e7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebuild(deps): required runtime types (\u003ca href=\"https://github.com/auth0/express-jwt/commit/f3f5af5c214241b4f92b91c49db8586ec20e4526\"\u003ef3f5af5c214241b4f92b91c49db8586ec20e4526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: fix tiny typo (\u003ca href=\"https://github.com/auth0/express-jwt/commit/07e771857489b6344a8dc457069d040a76e84230\"\u003e07e771857489b6344a8dc457069d040a76e84230\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.0 - 2022-05-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeprecate ExpressJwtRequest in favor of Request with optional auth, closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/284\"\u003e#284\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/de169def56f98f4237741aa6755d0c5e248bd561\"\u003ede169def56f98f4237741aa6755d0c5e248bd561\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/284\"\u003e#284\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.6.2 - 2022-05-02\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/0dfe63b9a702b0755ec60d171152747942210be6\"\u003e\u003ccode\u003e0dfe63b\u003c/code\u003e\u003c/a\u003e 8.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/105ef5ec66fa32aa5861a09d3290545253adcbbb\"\u003e\u003ccode\u003e105ef5e\u003c/code\u003e\u003c/a\u003e add readme to package.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/c028e7098ea3dbdd4684f6e4960564e38fccdb96\"\u003e\u003ccode\u003ec028e70\u003c/code\u003e\u003c/a\u003e 8.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/75203815ab759f65aa114f4eb01faa58bc0e1e0c\"\u003e\u003ccode\u003e7520381\u003c/code\u003e\u003c/a\u003e fix: signature of middleware returned\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/ecd42788a7a24641ec78c8b21767c5f8aca5600a\"\u003e\u003ccode\u003eecd4278\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/f42a0e99422fe85fadd0a209b8497b64995e94cf\"\u003e\u003ccode\u003ef42a0e9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/339\"\u003e#339\u003c/a\u003e from auth0/integrate-semgrep\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/dacb316f8d485a9c335434f2812561ca9c282ecb\"\u003e\u003ccode\u003edacb316\u003c/code\u003e\u003c/a\u003e Create semgrep.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/00763facd650da5aa378ed876f4a1e863957642b\"\u003e\u003ccode\u003e00763fa\u003c/code\u003e\u003c/a\u003e Modify tests to actually exercise wrong signature case by removing base64 pad...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/d15b92c3424ecb1713df106f615c2a770ddbc0b8\"\u003e\u003ccode\u003ed15b92c\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/d1e88c73ed81b67d8f43eb748f8f33aa5c5b4aaf\"\u003e\u003ccode\u003ed1e88c7\u003c/code\u003e\u003c/a\u003e Merge branch 'glensc-patch-1'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/auth0/express-jwt/compare/v0.1.3...v8.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express-rate-limit` from 7.5.1 to 8.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/releases\"\u003eexpress-rate-limit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.5.2\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.5.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.5.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.2\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.2.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.2.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.1.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/97746932253e6c734569140e71357b2633eb1912\"\u003e\u003ccode\u003e9774693\u003c/code\u003e\u003c/a\u003e 8.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/0e94cc0176ca0e4960bd6992f1d105766fb9532c\"\u003e\u003ccode\u003e0e94cc0\u003c/code\u003e\u003c/a\u003e v8.5.2 changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/9a583c566aa5aaeb8b94312e9e9dbf711f89e7b3\"\u003e\u003ccode\u003e9a583c5\u003c/code\u003e\u003c/a\u003e feat: simplify IPv6 key generation (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/633\"\u003e#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/4f4b3fb78f96ac841a26122be1d82123271d7654\"\u003e\u003ccode\u003e4f4b3fb\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/632\"\u003e#632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/3c1d6c57bddc0d7c9923611fd1ac1e17399a4865\"\u003e\u003ccode\u003e3c1d6c5\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development-dependencies group with 7 updates (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/631\"\u003e#631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/18884b671441b14dd0e9328a5ebedf51278a16c1\"\u003e\u003ccode\u003e18884b6\u003c/code\u003e\u003c/a\u003e chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/630\"\u003e#630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/dacc9800e640b14c61cd8791ef59d75d0ac037a7\"\u003e\u003ccode\u003edacc980\u003c/code\u003e\u003c/a\u003e chore(deps): bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/629\"\u003e#629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/486d0c608a95f344863302bb213fb09ea9ddf5de\"\u003e\u003ccode\u003e486d0c6\u003c/code\u003e\u003c/a\u003e chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/627\"\u003e#627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/50cc3f6345f603ac2fe4eb646edd7338b9a31fbb\"\u003e\u003ccode\u003e50cc3f6\u003c/code\u003e\u003c/a\u003e 8.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/92c8e3efd87b9b9f89092b1f9c8c17ac134c1293\"\u003e\u003ccode\u003e92c8e3e\u003c/code\u003e\u003c/a\u003e chore: bump ip-address library to latest (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/626\"\u003e#626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v7.5.1...v8.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express-robots-txt` from 0.5.0 to 1.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modosc/express-robots-txt/blob/main/HISTORY.md\"\u003eexpress-robots-txt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v1.0.0] - {2021-08-20}\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRewrite as es6, add separate commonjs + esm exports\u003c/li\u003e\n\u003cli\u003eUpdate deps\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/2791589d8c96fc4d2190cc217d262d70cc569a93\"\u003e\u003ccode\u003e2791589\u003c/code\u003e\u003c/a\u003e es6 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/55\"\u003e#55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/0eb20919053c95e94b5d439a9fd48a98147d35bd\"\u003e\u003ccode\u003e0eb2091\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/940a03c2ebc9b8b8798df855ac92535e4240b060\"\u003e\u003ccode\u003e940a03c\u003c/code\u003e\u003c/a\u003e Bump supertest from 6.1.3 to 6.1.5 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/52\"\u003e#52\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/6c933f1f9936c1470b0ad405310b5979294ccdff\"\u003e\u003ccode\u003e6c933f1\u003c/code\u003e\u003c/a\u003e Bump jest from 27.0.4 to 27.0.6 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/50\"\u003e#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/308c9057a4baf7365d515cae1920f57653229711\"\u003e\u003ccode\u003e308c905\u003c/code\u003e\u003c/a\u003e Bump path-parse from 1.0.6 to 1.0.7 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/53\"\u003e#53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/0bdaaa00b7781540b145fe18abdca11c7a924aee\"\u003e\u003ccode\u003e0bdaaa0\u003c/code\u003e\u003c/a\u003e Bump jest from 26.6.3 to 27.0.4 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/48\"\u003e#48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/974a926e5dfbfcca2d99742032e4750ca478c22d\"\u003e\u003ccode\u003e974a926\u003c/code\u003e\u003c/a\u003e Bump ws from 7.4.3 to 7.4.6 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/46\"\u003e#46\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/c12444cfcf67cde0d249495d11bbc9b4a7e3f686\"\u003e\u003ccode\u003ec12444c\u003c/code\u003e\u003c/a\u003e Bump hosted-git-info from 2.8.8 to 2.8.9 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/43\"\u003e#43\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/72f7ca8ab5f45592e9d9a49df94e73e03814c793\"\u003e\u003ccode\u003e72f7ca8\u003c/code\u003e\u003c/a\u003e Bump lodash from 4.17.20 to 4.17.21 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/6c35250df606de1bd355cd93850514cea82bb037\"\u003e\u003ccode\u003e6c35250\u003c/code\u003e\u003c/a\u003e Bump chai from 4.3.3 to 4.3.4 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/42\"\u003e#42\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modosc/express-robots-txt/compare/v0.5.0...v1.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 16.5.4 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fs-extra` from 9.1.0 to 11.3.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md\"\u003efs-extra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e11.3.5 / 2026-05-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eensureLink*\u003c/code\u003e/\u003ccode\u003eensureSymlink*\u003c/code\u003e identical file detection on Windows (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1068\"\u003e#1068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix error handling in timestamp preservation code (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1065\"\u003e#1065\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential file descriptor leak on error in synchronous timestamp preservation code (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1066\"\u003e#1066\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.4 / 2026-03-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where calling \u003ccode\u003eensureSymlink\u003c/code\u003e/\u003ccode\u003eensureSymlinkSync\u003c/code\u003e with a relative \u003ccode\u003esrcPath\u003c/code\u003e would fail if the symlink already existed (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1038\"\u003e#1038\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1064\"\u003e#1064\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.3 / 2025-12-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix copying symlink when destination is a symlink to the same target (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1019\"\u003e#1019\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1060\"\u003e#1060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.2 / 2025-09-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix spurrious \u003ccode\u003eUnhandledPromiseRejectionWarning\u003c/code\u003e that could occur when calling \u003ccode\u003e.copy()\u003c/code\u003e in some cases (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1056\"\u003e#1056\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.1 / 2025-08-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix case where \u003ccode\u003emove\u003c/code\u003e/\u003ccode\u003emoveSync\u003c/code\u003e could incorrectly think files are identical on Windows (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.0 / 2025-01-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd promise support for newer \u003ccode\u003efs\u003c/code\u003e methods (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1044\"\u003e#1044\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1045\"\u003e#1045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003efs.opendir\u003c/code\u003e in \u003ccode\u003ecopy()\u003c/code\u003e/\u003ccode\u003ecopySync()\u003c/code\u003e for better perf/scalability (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/972\"\u003e#972\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1028\"\u003e#1028\u003c/a\u003e)...\n\n_Description has been truncated_","html_url":"https://github.com/mo0om/juice-shop/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mo0om%2Fjuice-shop/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"},{"uuid":"4568253130","node_id":"PR_kwDOD_J6Kc7hn95e","number":1102,"state":"open","title":"chore(deps): Bump the client-prod-deps group across 1 directory with 9 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T03:50:48.000Z","updated_at":"2026-06-02T03:50:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"client-prod-deps","update_count":9,"packages":[{"name":"@sentry/vue","old_version":"10.38.0","new_version":"10.53.1","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@zip.js/zip.js","old_version":"2.8.8","new_version":"2.8.26","repository_url":"https://github.com/gildas-lormeau/zip.js"},{"name":"axios","old_version":"1.15.2","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.4.0","new_version":"3.4.5","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"file-type","old_version":"21.3.2","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"pdfjs-dist","old_version":"5.4.624","new_version":"5.7.284","repository_url":"https://github.com/mozilla/pdf.js"},{"name":"vue","old_version":"3.5.30","new_version":"3.5.34","repository_url":"https://github.com/vuejs/core"},{"name":"vue-i18n","old_version":"11.3.0","new_version":"11.4.4","repository_url":"https://github.com/intlify/vue-i18n"},{"name":"vue-router","old_version":"4.6.4","new_version":"5.0.7","repository_url":"https://github.com/vuejs/router"}],"path":null,"ecosystem":"npm"},"body":"Bumps the client-prod-deps group with 9 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@sentry/vue](https://github.com/getsentry/sentry-javascript) | `10.38.0` | `10.53.1` |\n| [@zip.js/zip.js](https://github.com/gildas-lormeau/zip.js) | `2.8.8` | `2.8.26` |\n| [axios](https://github.com/axios/axios) | `1.15.2` | `1.16.1` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.0` | `3.4.5` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.2` | `22.0.1` |\n| [pdfjs-dist](https://github.com/mozilla/pdf.js) | `5.4.624` | `5.7.284` |\n| [vue](https://github.com/vuejs/core) | `3.5.30` | `3.5.34` |\n| [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `11.3.0` | `11.4.4` |\n| [vue-router](https://github.com/vuejs/router) | `4.6.4` | `5.0.7` |\n\n\nUpdates `@sentry/vue` from 10.38.0 to 10.53.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/releases\"\u003e@​sentry/vue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eBundle size 📦\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePath\u003c/th\u003e\n\u003cth\u003eSize\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.22 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e24.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e43.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing + Span Streaming)\u003c/td\u003e\n\u003ctd\u003e45.62 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Profiling)\u003c/td\u003e\n\u003ctd\u003e48.56 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.4 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay) - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e72.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay with Canvas)\u003c/td\u003e\n\u003ctd\u003e86.99 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e99.33 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Feedback)\u003c/td\u003e\n\u003ctd\u003e43 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. sendFeedback)\u003c/td\u003e\n\u003ctd\u003e30.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. FeedbackAsync)\u003c/td\u003e\n\u003ctd\u003e35.91 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics)\u003c/td\u003e\n\u003ctd\u003e27.27 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Logs)\u003c/td\u003e\n\u003ctd\u003e27.42 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics \u0026amp; Logs)\u003c/td\u003e\n\u003ctd\u003e28.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e27.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.9 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e31.01 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/svelte\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.24 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle\u003c/td\u003e\n\u003ctd\u003e28.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e46.04 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e29.89 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e47.14 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e68.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e83.6 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e88.23 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e89.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle - uncompressed\u003c/td\u003e\n\u003ctd\u003e83.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing) - uncompressed\u003c/td\u003e\n\u003ctd\u003e138.12 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e88.07 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e141.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e209.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md\"\u003e@​sentry/vue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e10.53.0\u003c/h2\u003e\n\u003ch3\u003eImportant Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003efeat(core): Add \u003ccode\u003estreamGenAiSpans\u003c/code\u003e options to stream gen_ai spans (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20785\"\u003e#20785\u003c/a\u003e)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAdds a new \u003ccode\u003estreamGenAiSpans\u003c/code\u003e option that controls how \u003ccode\u003egen_ai\u003c/code\u003e spans are\nsent to Sentry. When set, the SDK extracts all \u003ccode\u003egen_ai\u003c/code\u003e spans out of a\ntransaction and sends them as v2 envelope items.\u003c/p\u003e\n\u003cp\u003eEnable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eSentry.init({\n  dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',\n  streamGenAiSpans: true,\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(browser): Migrate browser profiling thread data to span attributes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20800\"\u003e#20800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eaddConsoleInstrumentationFilter\u003c/code\u003e utility (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20790\"\u003e#20790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eapplicationKey\u003c/code\u003e to \u003ccode\u003eBuildTimeOptionsBase\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20789\"\u003e#20789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): split exports by browser/server for bundle size (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20435\"\u003e#20435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(nextjs): Add top-level \u003ccode\u003eapplicationKey\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20794\"\u003e#20794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(node): Support Node 26 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20710\"\u003e#20710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(profiling-node): Bump \u003ccode\u003e@sentry-internal/node-cpu-profiler\u003c/code\u003e to 2.4.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20720\"\u003e#20720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cloudflare): avoid flush lock self-wait (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20719\"\u003e#20719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(hono): Capture transaction name on request for correct culprit (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20699\"\u003e#20699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(node-core): Guard against undefined util.getSystemErrorMap (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20660\"\u003e#20660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(replay): Capture aborted/errored fetch requests in replay network tab (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20722\"\u003e#20722\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/cd9740818cba748dbced0e8a1497000a88ec8a56\"\u003e\u003ccode\u003ecd97408\u003c/code\u003e\u003c/a\u003e release: 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/66cfb25117ed7b14ca3da20a79b836619e9c8a6c\"\u003e\u003ccode\u003e66cfb25\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20838\"\u003e#20838\u003c/a\u003e from getsentry/prepare-release/10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/df8fd3863043f143961a5d96e79a717d62eada31\"\u003e\u003ccode\u003edf8fd38\u003c/code\u003e\u003c/a\u003e meta(changelog): Update changelog for 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/588100986580e0f5c8c3204661e59e5103e7d269\"\u003e\u003ccode\u003e5881009\u003c/code\u003e\u003c/a\u003e fix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/6a7d179ad38c7591021c88e4bd3ec82b3c6cc606\"\u003e\u003ccode\u003e6a7d179\u003c/code\u003e\u003c/a\u003e fix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/ad47c3c3de5b2bacfbbd08bcdf9cd90184ce64bc\"\u003e\u003ccode\u003ead47c3c\u003c/code\u003e\u003c/a\u003e ref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/28d6fe514d5ed00561a8e3d1c0406a8cb544c738\"\u003e\u003ccode\u003e28d6fe5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20826\"\u003e#20826\u003c/a\u003e from getsentry/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/46aca45a868d717939448ded1001fac4337ac46e\"\u003e\u003ccode\u003e46aca45\u003c/code\u003e\u003c/a\u003e Merge branch 'release/10.53.0'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/b5cbc9ca1800e1b4ee1de66e135a90891cecd570\"\u003e\u003ccode\u003eb5cbc9c\u003c/code\u003e\u003c/a\u003e chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/05489b83e7920fc4ce47a530054c5558c1704a45\"\u003e\u003ccode\u003e05489b8\u003c/code\u003e\u003c/a\u003e release: 10.53.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-javascript/compare/10.38.0...10.53.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@zip.js/zip.js` from 2.8.8 to 2.8.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gildas-lormeau/zip.js/releases\"\u003e\u003ccode\u003e@​zip.js/zip.js's releases\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix return types for entry progress callbacks by \u003ca href=\"https://github.com/EvanHahn\"\u003e\u003ccode\u003e@​EvanHahn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/pull/648\"\u003egildas-lormeau/zip.js#648\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gildas-lormeau/zip.js/compare/v2.8.25...v2.8.26\"\u003ehttps://github.com/gildas-lormeau/zip.js/compare/v2.8.25...v2.8.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixed \u003ccode\u003eHttpRangeReader\u003c/code\u003e bug when reading compressed sizes multiples of 65536 (see \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdated dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes, attempt to fix NPM publishing\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed zip64 auto-detection with \u003ccode\u003ekeepOrder\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e in \u003ccode\u003eZipWriter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eZip files containing entries larger than 4 GB or larger than 4 GB are now handled correctly when entries are written in parallel with \u003ccode\u003ekeepOrder\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e. The zip64 extra field in the central directory is now built from actual offset and disk number values at close time, rather than being predicted at entry creation time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.22\u003c/h2\u003e\n\u003cp\u003eFixed support of option \u003ccode\u003ekeepOrder\u003c/code\u003e when set to \u003ccode\u003efalse\u003c/code\u003e in \u003ccode\u003eZipWriter\u003c/code\u003e (the option is set to \u003ccode\u003etrue\u003c/code\u003e by default)\u003c/p\u003e\n\u003ch2\u003ev2.8.21\u003c/h2\u003e\n\u003cp\u003eImplemented workaround (feature test) for \u003ccode\u003eDOMException\u003c/code\u003e serialization bug in Deno version 2.6.x (fix \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/636\"\u003egildas-lormeau/zip.js#636\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev2.8.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed inadvertently removed \u003ca href=\"https://gildas-lormeau.github.io/zip.js/api/interfaces/ZipWriterConstructorOptions.html#createtempstream\"\u003ecreateTempStream\u003c/a\u003e option into \u003ccode\u003eZipWriter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ca href=\"https://gildas-lormeau.github.io/zip.js/api/interfaces/WorkerConfiguration.html#transferstreams\"\u003etransferStreams\u003c/a\u003e support in \u003ccode\u003eZipWriter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.19\u003c/h2\u003e\n\u003cp\u003eRemoved unwanted \u003ccode\u003eweb-worker\u003c/code\u003e dependency inadvertently added in the \u003ccode\u003epackage.json\u003c/code\u003e file of version \u003ccode\u003e2.8.17\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ca href=\"https://gildas-lormeau.github.io/zip.js/api/interfaces/ZipWriterConstructorOptions.html#createtempstream\"\u003e\u003ccode\u003ecreateTempStream\u003c/code\u003e\u003c/a\u003e option to \u003ccode\u003eZipWriter\u003c/code\u003e, used when adding entries in parallel, for custom temporary buffered write storage (e.g. filesystem, OPFS, network) instead of the default in-memory \u003ccode\u003eTransformStream\u003c/code\u003e (see this \u003ca href=\"https://github.com/gildas-lormeau/zip.js/blob/4cf50a673b73213ebf0d673333ef928738a06e79/tests/all/test-custom-temp-buffer.js\"\u003etest\u003c/a\u003e for a usage example)\u003c/li\u003e\n\u003cli\u003eImproved buffering implementation  in \u003ccode\u003eZipWriter\u003c/code\u003e by removing the \u003ccode\u003eBlob\u003c/code\u003e/\u003ccode\u003eResponse\u003c/code\u003e usage\u003c/li\u003e\n\u003cli\u003eFixed minor regression introduced in version \u003ccode\u003e2.8.16\u003c/code\u003e when the web worker URI is not a data or blob URI (workers were not working with code using ES6 \u003ccode\u003eimport\u003c/code\u003e) (see \u003ca href=\"https://github.com/gildas-lormeau/zip.js/blob/c6ab5788eadb09dbc23208b1e438b2eec4ffa531/tests/all/test-core.js\"\u003erelated test\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.17\u003c/h2\u003e\n\u003cp\u003eFixed support of Web Workers when running zip.js with Bun (see \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/638\"\u003e#638\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev2.8.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplemented lazy evaluation of the existence of the \u003ccode\u003eWorker\u003c/code\u003e API to facilitate the use of polyfills on Node.js (e.g. \u003ca href=\"https://www.npmjs.com/package/web-worker\"\u003e\u003ccode\u003eweb-worker\u003c/code\u003e\u003c/a\u003e), see \u003ca href=\"https://github.com/gildas-lormeau/zip.js/discussions/635#discussioncomment-15633490\"\u003ehttps://github.com/gildas-lormeau/zip.js/discussions/635#discussioncomment-15633490\u003c/a\u003e for more info\u003c/li\u003e\n\u003cli\u003eUpdated dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed NPM Access Token expiration issue (see \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/633\"\u003egildas-lormeau/zip.js#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed minor issues in the documentation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/3cf1e4c5bcf92f3e0393c391fb485a0fba6a92a1\"\u003e\u003ccode\u003e3cf1e4c\u003c/code\u003e\u003c/a\u003e bump up version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/7ad2d4259a3193ee169dffc2a8e2053b76794e20\"\u003e\u003ccode\u003e7ad2d42\u003c/code\u003e\u003c/a\u003e update doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/5484569bd1fe28423166efd99cd7ee7147ada8d8\"\u003e\u003ccode\u003e5484569\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/648\"\u003e#648\u003c/a\u003e from EvanHahn/fix-types-for-progress-callbacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/88ce65474df30eb8b32378a8990df3f38764408a\"\u003e\u003ccode\u003e88ce654\u003c/code\u003e\u003c/a\u003e bump up version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/93de55a7f3e3206bc411871f0905e495760ed39b\"\u003e\u003ccode\u003e93de55a\u003c/code\u003e\u003c/a\u003e update doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/5c4c70530bd9d879d516e190202125e09cc8106f\"\u003e\u003ccode\u003e5c4c705\u003c/code\u003e\u003c/a\u003e update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/ddd83971c0c5eb70692701756632137f80ee4958\"\u003e\u003ccode\u003eddd8397\u003c/code\u003e\u003c/a\u003e fix HttpRangeRedaer when reading compressed sizes multiples of 65536 (fix \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/860e29c363ea075f91bbaea8a0891ff80e0f724c\"\u003e\u003ccode\u003e860e29c\u003c/code\u003e\u003c/a\u003e Fix return types for entry progress callbacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/a21f85004cdfdaa69d7cf4e60dd4aac7b12a7040\"\u003e\u003ccode\u003ea21f850\u003c/code\u003e\u003c/a\u003e bump up version (fix npm issue?)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/0cc3a3c6310105930619187bef909436d972fa63\"\u003e\u003ccode\u003e0cc3a3c\u003c/code\u003e\u003c/a\u003e update doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gildas-lormeau/zip.js/compare/v2.8.8...v2.8.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ca href=\"https://github.com/zip\"\u003e\u003ccode\u003e@​zip\u003c/code\u003e\u003c/a\u003e.js/zip.js since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.15.2 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.15.2...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.4.0 to 3.4.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bypass caused by the new HTML element \u003ccode\u003eselectedcontent\u003c/code\u003e added in 3.4.4, thanks \u003ca href=\"https://github.com/KabirAcharya\"\u003e\u003ccode\u003e@​KabirAcharya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eselectedcontent\u003c/code\u003e element to default allow-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecommand\u003c/code\u003e and \u003ccode\u003ecommandfor\u003c/code\u003e attributes to default allowed-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better template scrubbing for \u003ccode\u003eIN_PLACE\u003c/code\u003e operations, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded stronger checks for cross-realm windows, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated demo website and made sure it uses the latest from main\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, dependabot, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🚨 \u003cstrong\u003eThis release had been flagged as deprecated, please use DOMPurify 3.4.5 instead\u003c/strong\u003e 🚨\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with handling of nested Shadow DOM trees, thanks \u003ca href=\"https://github.com/fishjojo1\"\u003e\u003ccode\u003e@​fishjojo1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the template regexes to be more robust against ReDoS attacks, thanks \u003ca href=\"https://github.com/aleung27\"\u003e\u003ccode\u003e@​aleung27\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the node iteration code to catch more Shadow DOM related issues\u003c/li\u003e\n\u003cli\u003eUpdated Playwright and added Node 26 to test matrix\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with URI validation on attributes allowed via \u003ccode\u003eADD_ATTR\u003c/code\u003e callback, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with source maps referring to non-existing files, thanks \u003ca href=\"https://github.com/cmdcolin\"\u003e\u003ccode\u003e@​cmdcolin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with on-handler stripping for HTML-spec-reserved custom element names (\u003ccode\u003efont-face\u003c/code\u003e, \u003ccode\u003ecolor-profile\u003c/code\u003e, \u003ccode\u003emissing-glyph\u003c/code\u003e, \u003ccode\u003efont-face-src\u003c/code\u003e, \u003ccode\u003efont-face-uri\u003c/code\u003e, \u003ccode\u003efont-face-format\u003c/code\u003e, \u003ccode\u003efont-face-name\u003c/code\u003e) under permissive \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed a case-sensitivity gap in the \u003ccode\u003eannotation-xml\u003c/code\u003e check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e repeatedly prefixing already-prefixed \u003ccode\u003eid\u003c/code\u003e and \u003ccode\u003ename\u003c/code\u003e values on subsequent sanitization\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eIN_PLACE\u003c/code\u003e root-node check to explicitly guard against non-string \u003ccode\u003enodeName\u003c/code\u003e (DOM-clobbering robustness)\u003c/li\u003e\n\u003cli\u003eRemoved a duplicate \u003ccode\u003eslot\u003c/code\u003e entry from the default HTML attribute allow-list\u003c/li\u003e\n\u003cli\u003eStrengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e, and a negative-control assertion ensuring the invariants actually fire\u003c/li\u003e\n\u003cli\u003eAdded regression and pinning tests covering the above fixes and two accepted-behavior contracts (\u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e greedy scrub, hook-added attribute handling)\u003c/li\u003e\n\u003cli\u003eExtended CodeQL analysis to run on \u003ccode\u003e3.x\u003c/code\u003e and \u003ccode\u003e2.x\u003c/code\u003e maintenance branches\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea\"\u003e\u003ccode\u003e011b0c7\u003c/code\u003e\u003c/a\u003e release: 3.4.5 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1382\"\u003e#1382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5817ad969c15e67dfcd6cb37248d6e9c1553e7c3\"\u003e\u003ccode\u003e5817ad9\u003c/code\u003e\u003c/a\u003e release: 3.4.4 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/520edb0371a9638f9b51f1798051299a250c686b\"\u003e\u003ccode\u003e520edb0\u003c/code\u003e\u003c/a\u003e release: 3.4.3 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1352\"\u003e#1352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6f67fd396a7b8c64294343999fe607ca1f5299c0\"\u003e\u003ccode\u003e6f67fd3\u003c/code\u003e\u003c/a\u003e Sync/3.4.2 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1322\"\u003e#1322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8\"\u003e\u003ccode\u003e5b0cdbb\u003c/code\u003e\u003c/a\u003e chore: merge main into 3.x for 3.4.1 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a\"\u003e\u003ccode\u003e09f5911\u003c/code\u003e\u003c/a\u003e test: added three more browsers to test setup (OSX, mobile)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.4.0...3.4.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.2 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pdfjs-dist` from 5.4.624 to 5.7.284\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/pdf.js/releases\"\u003epdfjs-dist's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.7.284\u003c/h2\u003e\n\u003cp\u003eThis release contains improvements for accessibility, annotations, the annotation editor, font conversion, image conversion, performance, shading pattern rendering, SMask rendering and the viewer.\u003c/p\u003e\n\u003ch2\u003eChanges since v5.6.205\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the stable version in \u003ccode\u003epdfjs.config\u003c/code\u003e by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21004\"\u003emozilla/pdf.js#21004\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Rewrite the ps lexer \u0026amp; parser and add a small Wasm compiler by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21002\"\u003emozilla/pdf.js#21002\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Node.js] Remove the \u003ccode\u003enode-readable-to-web-readable-stream\u003c/code\u003e polyfill by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21007\"\u003emozilla/pdf.js#21007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd attachments when merging/reorganizing a pdf (bug 2026956) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21013\"\u003emozilla/pdf.js#21013\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't use an intermediate canvas when rendering a tiling pattern bigger than the rectangle to fill by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/18815\"\u003emozilla/pdf.js#18815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid expressions duplication in the ps AST and use a local instead when compiling to WASM by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21008\"\u003emozilla/pdf.js#21008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for function-based shadings (bug 1254066) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21012\"\u003emozilla/pdf.js#21012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd an interpreter for optimized ps code by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21010\"\u003emozilla/pdf.js#21010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEncrypt pdf data when merging the same pdf (bug 2028369) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21022\"\u003emozilla/pdf.js#21022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003eMathClamp\u003c/code\u003e helper function more by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21026\"\u003emozilla/pdf.js#21026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003el10n: Update locale files by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21033\"\u003emozilla/pdf.js#21033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eOffscreenCanvas\u003c/code\u003e unconditionally in the \u003ccode\u003eweb/pdf_thumbnail_view.js\u003c/code\u003e file by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21021\"\u003emozilla/pdf.js#21021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix wrong values when sanitizing fonts by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21031\"\u003emozilla/pdf.js#21031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA couple of small \u003ccode\u003ecollectAnnotationsByType\u003c/code\u003e improvements by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21034\"\u003emozilla/pdf.js#21034\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove the \u003ccode\u003eMathClamp\u003c/code\u003e helper function to its own file by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21027\"\u003emozilla/pdf.js#21027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace all \u003ccode\u003eObject.prototype.hasOwnProperty\u003c/code\u003e usage with \u003ccode\u003eObject.hasOwn\u003c/code\u003e by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21029\"\u003emozilla/pdf.js#21029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Change \u003ccode\u003ePDFDataRangeTransport\u003c/code\u003e to use a single (internal)  listener by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21028\"\u003emozilla/pdf.js#21028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix radial gradient when the two circles have an intersection by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21014\"\u003emozilla/pdf.js#21014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a js fallback for interpreting ps code by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21023\"\u003emozilla/pdf.js#21023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGet the right transform for a pattern before filling some text by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21019\"\u003emozilla/pdf.js#21019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd an eslint plugin for using MathClamp when it's possible by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21030\"\u003emozilla/pdf.js#21030\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the annotation base transform before drawing it by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21020\"\u003emozilla/pdf.js#21020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the unused \u003ccode\u003ecompilePostScriptToIR\u003c/code\u003e function (PR 21023 follow-up) by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21037\"\u003emozilla/pdf.js#21037\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Remove \u003ccode\u003ePostScriptCompiler\u003c/code\u003e and \u003ccode\u003ePostScriptEvaluator\u003c/code\u003e, since it's now dead code (PR 21023 follow-up) by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21005\"\u003emozilla/pdf.js#21005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix comments for (is/has)Singlefile in pdf_editor by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21036\"\u003emozilla/pdf.js#21036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies to the most recent versions by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21035\"\u003emozilla/pdf.js#21035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003ecalculateMD5\u003c/code\u003e helper, from \u003ccode\u003etest/downloadutils.mjs\u003c/code\u003e, in \u003ccode\u003etest/add_test.mjs\u003c/code\u003e by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21038\"\u003emozilla/pdf.js#21038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce a function type enumeration by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21041\"\u003emozilla/pdf.js#21041\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the original array-data when parsing Type 0 (Sampled) Functions by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21040\"\u003emozilla/pdf.js#21040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix intermittent failure in the \u0026quot;must check that the comment sidebar is resizable with the keyboard\u0026quot; comment integration test by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21045\"\u003emozilla/pdf.js#21045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix intermittent integration test failures related to checking the find count results text by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21043\"\u003emozilla/pdf.js#21043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Update the minimum supported Node.js version to 22 by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21018\"\u003emozilla/pdf.js#21018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unnecessary \u0026quot;flooring\u0026quot; of the components when setting the Annotation \u003ccode\u003eborderColor\u003c/code\u003e by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21047\"\u003emozilla/pdf.js#21047\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace individual AI/ML disabling preferences with the single killswitch preference in the tests by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21046\"\u003emozilla/pdf.js#21046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShorten the \u003ccode\u003esrc/core/postscript/\u003c/code\u003e code a tiny bit by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21048\"\u003emozilla/pdf.js#21048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnconditionally create a gpu device by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21049\"\u003emozilla/pdf.js#21049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003estringToBytes\u003c/code\u003e helper in the \u003ccode\u003ePDFEditor.prototype.writePDF\u003c/code\u003e method by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21051\"\u003emozilla/pdf.js#21051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the l10n-id for the sidebar toggleButton, in the \u003ccode\u003eViewsManager\u003c/code\u003e class by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21055\"\u003emozilla/pdf.js#21055\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce allocations when compiling CFF fonts by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21053\"\u003emozilla/pdf.js#21053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the way to write numbers when saving a pdf by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21054\"\u003emozilla/pdf.js#21054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake sure the thumbnails positions are recomputed after a structural change but after a reflow has been done (bug 2028193) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21059\"\u003emozilla/pdf.js#21059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 4.33.0 to 4.35.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21056\"\u003emozilla/pdf.js#21056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace a couple of loops with \u003ccode\u003eTypedArray.prototype.fill()\u003c/code\u003e in the \u003ccode\u003esrc/core/ascii_85_stream.js\u003c/code\u003e file by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21050\"\u003emozilla/pdf.js#21050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/deploy-pages from 4.0.5 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21058\"\u003emozilla/pdf.js#21058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump codecov/codecov-action from 5.5.2 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21057\"\u003emozilla/pdf.js#21057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid as much as possible to have intermediate canvases by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21061\"\u003emozilla/pdf.js#21061\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/7e5b36c2d572ba82e1e3adeb1c266f0052746c73\"\u003e\u003ccode\u003e7e5b36c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21171\"\u003e#21171\u003c/a\u003e from calixteman/bug2034980\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/dc3c07b3e371af20c87b991e6c7517e32c163f4b\"\u003e\u003ccode\u003edc3c07b\u003c/code\u003e\u003c/a\u003e Allow free-highlighting on top of image placeholders (bug 2034980)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/01b315a8f3d4576cd8639082e845195d9b148527\"\u003e\u003ccode\u003e01b315a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21176\"\u003e#21176\u003c/a\u003e from calixteman/bug2035197\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/c9a7ff05062f0a463d3a82d2590b1c6ad6125711\"\u003e\u003ccode\u003ec9a7ff0\u003c/code\u003e\u003c/a\u003e Fix merging PDFs with conflicting AcroForm /DR (bug 2035197)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/d9f175d36daa3e0ac26d5ab921899eaace917058\"\u003e\u003ccode\u003ed9f175d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21174\"\u003e#21174\u003c/a\u003e from nicolo-ribaudo/fix-comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/81678f20cab04e65c4a2f4a85d0a17a1397258ff\"\u003e\u003ccode\u003e81678f2\u003c/code\u003e\u003c/a\u003e Fix array type in CanvasBBoxTracker comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/8d3d370daac0cced39cb7370aaec9ab28ec9cbbd\"\u003e\u003ccode\u003e8d3d370\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21170\"\u003e#21170\u003c/a\u003e from calixteman/speedup_typetest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/da0b99ce68557eb2cec698e1bbe727323f441e59\"\u003e\u003ccode\u003eda0b99c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/20371\"\u003e#20371\u003c/a\u003e from timvandermeij/github-actions-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/3b8f55603d3ed60e6a13f35416662ee9cf5d4812\"\u003e\u003ccode\u003e3b8f556\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21154\"\u003e#21154\u003c/a\u003e from calixteman/bug2034804\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/38beff5cef056c237cfdc255fe00aa7657bfd8c1\"\u003e\u003ccode\u003e38beff5\u003c/code\u003e\u003c/a\u003e Speed up 'gulp typestest' by removing the unused 'generic' dependency\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/pdf.js/compare/v5.4.624...v5.7.284\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vue` from 3.5.30 to 3.5.34\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vuejs/core/releases\"\u003evue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.5.34\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003ev3.5.33\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003ev3.5.32\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003ev3.5.31\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003evue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vuejs/core/compare/v3.5.33...v3.5.34\"\u003e3.5.34\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e infer Vue ref wrapper types when source is unresolvable (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14758\"\u003e#14758\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/7f46fd411b4e3f75ca755ee1318ea8e9aff43f56\"\u003e7f46fd4\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14729\"\u003e#14729\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e preserve hash hrefs on \u003ccode\u003e\u0026lt;image\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14756\"\u003e#14756\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/090b2e3a5149ec951c5313b270e5400a1fc870ce\"\u003e090b2e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e resolve type re-exports inside declare global (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14766\"\u003e#14766\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/acfffe34e7724a84c21bb8e51e8a5bc0da35f350\"\u003eacfffe3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereactivity:\u003c/strong\u003e prevent orphan effect when created in a stopped scope (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14778\"\u003e#14778\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/c8e2d4adc9112d2529de0434acc1188dfc399bf4\"\u003ec8e2d4a\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14777\"\u003e#14777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eruntime-core:\u003c/strong\u003e avoid symbol coercion during props validation (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/8539\"\u003e#8539\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/23d4fb5a6a070df3d2d4a043f0f62c141e376095\"\u003e23d4fb5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/8487\"\u003e#8487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esuspense:\u003c/strong\u003e avoid DOM leak with out-in transition in v-if fragment (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14762\"\u003e#14762\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/9667e0d498ab39273614682986a666c3e73024d9\"\u003e9667e0d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14761\"\u003e#14761\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vuejs/core/compare/v3.5.32...v3.5.33\"\u003e3.5.33\u003c/a\u003e (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e handle nested :deep in selector pseudos (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14725\"\u003e#14725\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/bb9d265d8dcdde2af824fc01b24f9a7b3169f5fa\"\u003ebb9d265\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14724\"\u003e#14724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereactivity:\u003c/strong\u003e unlink effect scopes on out-of-order off (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14734\"\u003e#14734\u003c/a\u003e)...\n\n_Description has been truncated_","html_url":"https://github.com/admariner/parsec-cloud/pull/1102","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/admariner%2Fparsec-cloud/issues/1102","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1102/packages"},{"uuid":"4568155888","node_id":"PR_kwDOQRcFuc7hnpgd","number":75,"state":"open","title":"chore(deps)(deps): bump the production-dependencies group across 1 directory with 69 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T03:30:47.000Z","updated_at":"2026-06-02T03:32:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"production-dependencies","update_count":69,"packages":[{"name":"ajv","old_version":"8.18.0","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"cosmiconfig","old_version":"9.0.0","new_version":"9.0.1","repository_url":"https://github.com/cosmiconfig/cosmiconfig"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"@anthropic-ai/claude-code","old_version":"2.1.50","new_version":"2.1.160","repository_url":"https://github.com/anthropics/claude-code"},{"name":"@babel/code-frame","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/runtime","old_version":"7.28.6","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@borewit/text-codec","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/Borewit/text-codec"},{"name":"@google/genai","old_version":"1.42.0","new_version":"1.52.0","repository_url":"https://github.com/googleapis/js-genai"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@modelcontextprotocol/sdk","old_version":"1.26.0","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@protobufjs/codegen","old_version":"2.0.4","new_version":"2.0.5","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/eventemitter","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/fetch","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/inquire","old_version":"1.1.0","new_version":"1.1.2","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@supabase/supabase-js","old_version":"2.97.0","new_version":"2.106.2","repository_url":"https://github.com/supabase/supabase-js"},{"name":"fastmcp","old_version":"3.33.0","new_version":"3.35.0","repository_url":"https://github.com/punkpeye/fastmcp"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"b4a","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/holepunchto/b4a"},{"name":"bare-events","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/holepunchto/bare-events"},{"name":"bare-fs","old_version":"4.5.4","new_version":"4.7.1","repository_url":"https://github.com/holepunchto/bare-fs"},{"name":"bare-os","old_version":"3.6.2","new_version":"3.9.1","repository_url":"https://github.com/holepunchto/bare-os"},{"name":"bare-path","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/holepunchto/bare-path"},{"name":"bare-stream","old_version":"2.8.0","new_version":"2.13.1","repository_url":"https://github.com/holepunchto/bare-stream"},{"name":"bare-url","old_version":"2.3.2","new_version":"2.4.3","repository_url":"https://github.com/holepunchto/bare-url"},{"name":"es-object-atoms","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/ljharb/es-object-atoms"},{"name":"eventsource-parser","old_version":"3.0.6","new_version":"3.1.0","repository_url":"https://github.com/rexxars/eventsource-parser"},{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"figlet","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/patorjk/figlet.js"},{"name":"file-type","old_version":"21.3.0","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"fs-extra","old_version":"11.3.3","new_version":"11.3.5","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"fuse.js","old_version":"7.1.0","new_version":"7.4.1","repository_url":"https://github.com/krisk/Fuse"},{"name":"gaxios","old_version":"7.1.3","new_version":"7.1.4","repository_url":"https://github.com/googleapis/google-cloud-node-core"},{"name":"get-east-asian-width","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/sindresorhus/get-east-asian-width"},{"name":"google-auth-library","old_version":"10.5.0","new_version":"10.6.2","repository_url":"https://github.com/googleapis/google-cloud-node-core"},{"name":"hasown","old_version":"2.0.2","new_version":"2.0.4","repository_url":"https://github.com/inspect-js/hasOwn"},{"name":"hono","old_version":"4.12.1","new_version":"4.12.23","repository_url":"https://github.com/honojs/hono"},{"name":"jsonfile","old_version":"6.2.0","new_version":"6.2.1","repository_url":"https://github.com/jprichardson/node-jsonfile"},{"name":"koa","old_version":"3.1.1","new_version":"3.2.1","repository_url":"https://github.com/koajs/koa"},{"name":"mcp-proxy","old_version":"6.4.0","new_version":"6.5.1","repository_url":"https://github.com/punkpeye/mcp-proxy"},{"name":"nan","old_version":"2.25.0","new_version":"2.27.0","repository_url":"https://github.com/nodejs/nan"},{"name":"node-abi","old_version":"3.87.0","new_version":"3.92.0","repository_url":"https://github.com/electron/node-abi"},{"name":"protobufjs","old_version":"6.11.4","new_version":"6.11.6","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"pipenet","old_version":"1.4.0","new_version":"1.4.2","repository_url":"https://github.com/punkpeye/pipenet"},{"name":"pump","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/mafintosh/pump"},{"name":"qs","old_version":"6.15.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"side-channel-list","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/ljharb/side-channel-list"},{"name":"sql.js","old_version":"1.14.0","new_version":"1.14.1","repository_url":"https://github.com/sql-js/sql.js"},{"name":"strtok3","old_version":"10.3.4","new_version":"10.3.5","repository_url":"https://github.com/Borewit/strtok3"},{"name":"type-is","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/jshttp/type-is"},{"name":"undici","old_version":"7.22.0","new_version":"7.27.0","repository_url":"https://github.com/nodejs/undici"},{"name":"validator","old_version":"13.15.26","new_version":"13.15.35","repository_url":"https://github.com/validatorjs/validator.js"},{"name":"ws","old_version":"8.19.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"yaml","old_version":"2.8.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"zod-to-json-schema","old_version":"3.25.1","new_version":"3.25.2","repository_url":"https://github.com/StefanTerdell/zod-to-json-schema"}],"path":null,"ecosystem":"npm"},"body":"Bumps the production-dependencies group with 58 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.18.0` | `8.20.0` |\n| [cosmiconfig](https://github.com/cosmiconfig/cosmiconfig) | `9.0.0` | `9.0.1` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |\n| [@anthropic-ai/claude-code](https://github.com/anthropics/claude-code) | `2.1.50` | `2.1.160` |\n| [@babel/code-frame](https://github.com/babel/babel/tree/HEAD/packages/babel-code-frame) | `7.29.0` | `7.29.7` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.28.6` | `7.29.7` |\n| [@borewit/text-codec](https://github.com/Borewit/text-codec) | `0.2.1` | `0.2.2` |\n| [@google/genai](https://github.com/googleapis/js-genai) | `1.42.0` | `1.52.0` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.26.0` | `1.29.0` |\n| [@protobufjs/codegen](https://github.com/dcodeIO/protobuf.js) | `2.0.4` | `2.0.5` |\n| [@protobufjs/eventemitter](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@protobufjs/fetch](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@protobufjs/inquire](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.2` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.97.0` | `2.106.2` |\n| [fastmcp](https://github.com/punkpeye/fastmcp) | `3.33.0` | `3.35.0` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [b4a](https://github.com/holepunchto/b4a) | `1.8.0` | `1.8.1` |\n| [bare-events](https://github.com/holepunchto/bare-events) | `2.8.2` | `2.8.3` |\n| [bare-fs](https://github.com/holepunchto/bare-fs) | `4.5.4` | `4.7.1` |\n| [bare-os](https://github.com/holepunchto/bare-os) | `3.6.2` | `3.9.1` |\n| [bare-path](https://github.com/holepunchto/bare-path) | `3.0.0` | `3.0.1` |\n| [bare-stream](https://github.com/holepunchto/bare-stream) | `2.8.0` | `2.13.1` |\n| [bare-url](https://github.com/holepunchto/bare-url) | `2.3.2` | `2.4.3` |\n| [es-object-atoms](https://github.com/ljharb/es-object-atoms) | `1.1.1` | `1.1.2` |\n| [eventsource-parser](https://github.com/rexxars/eventsource-parser) | `3.0.6` | `3.1.0` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.5.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [figlet](https://github.com/patorjk/figlet.js) | `1.10.0` | `1.11.0` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.4` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` |\n| [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.4.1` |\n| [gaxios](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/gaxios) | `7.1.3` | `7.1.4` |\n| [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` |\n| [google-auth-library](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/google-auth-library-nodejs) | `10.5.0` | `10.6.2` |\n| [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.4` |\n| [hono](https://github.com/honojs/hono) | `4.12.1` | `4.12.23` |\n| [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` |\n| [koa](https://github.com/koajs/koa) | `3.1.1` | `3.2.1` |\n| [mcp-proxy](https://github.com/punkpeye/mcp-proxy) | `6.4.0` | `6.5.1` |\n| [nan](https://github.com/nodejs/nan) | `2.25.0` | `2.27.0` |\n| [node-abi](https://github.com/electron/node-abi) | `3.87.0` | `3.92.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.4` | `6.11.6` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [pipenet](https://github.com/punkpeye/pipenet) | `1.4.0` | `1.4.2` |\n| [pump](https://github.com/mafintosh/pump) | `3.0.3` | `3.0.4` |\n| [qs](https://github.com/ljharb/qs) | `6.15.0` | `6.15.2` |\n| [side-channel-list](https://github.com/ljharb/side-channel-list) | `1.0.0` | `1.0.1` |\n| [sql.js](https://github.com/sql-js/sql.js) | `1.14.0` | `1.14.1` |\n| [strtok3](https://github.com/Borewit/strtok3) | `10.3.4` | `10.3.5` |\n| [type-is](https://github.com/jshttp/type-is) | `2.0.1` | `2.1.0` |\n| [undici](https://github.com/nodejs/undici) | `7.22.0` | `7.27.0` |\n| [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |\n| [zod-to-json-schema](https://github.com/StefanTerdell/zod-to-json-schema) | `3.25.1` | `3.25.2` |\n\n\nUpdates `ajv` from 8.18.0 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cosmiconfig` from 9.0.0 to 9.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/blob/main/CHANGELOG.md\"\u003ecosmiconfig's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a race condition where multiple instances existing simultaneously could cause cosmiconfig to fail to load TypeScript config files.\u003c/li\u003e\n\u003cli\u003eFixed an issue on Windows where CWD being a short path (e.g. \u003ccode\u003eC:\\Users\\USERNA~1\u003c/code\u003e) would cause cosmiconfig to fail to load ESM config files.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/9a5cda3785913cce1eb5fa257e5994914b9ec599\"\u003e\u003ccode\u003e9a5cda3\u003c/code\u003e\u003c/a\u003e 9.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/2174017c97461f3bcc9873e613a886cb6f68b2b9\"\u003e\u003ccode\u003e2174017\u003c/code\u003e\u003c/a\u003e update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/536d4a02a00a571f4fd9aeff4d8305734d2a1847\"\u003e\u003ccode\u003e536d4a0\u003c/code\u003e\u003c/a\u003e Prevent race conditions when running multiple instances of \u003ccode\u003ecosmiconfig\u003c/code\u003e and ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/4b48611addab10e87336d09d681bc4de42ed85db\"\u003e\u003ccode\u003e4b48611\u003c/code\u003e\u003c/a\u003e remove debug log\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/53d17450120e1cb656484f81331b3e105b1e6bf4\"\u003e\u003ccode\u003e53d1745\u003c/code\u003e\u003c/a\u003e remove more EOL node versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/7c1a1e328beb830da829c8191e9a74e4a69b61e0\"\u003e\u003ccode\u003e7c1a1e3\u003c/code\u003e\u003c/a\u003e replace resolve with realpath\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/fcc908446c8869d025778f0149265480ab6272be\"\u003e\u003ccode\u003efcc9084\u003c/code\u003e\u003c/a\u003e add additional path.resolve for windows short paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/7e995c859ede41181850cbf320fe53ff22400482\"\u003e\u003ccode\u003e7e995c8\u003c/code\u003e\u003c/a\u003e debug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/52b6b1c9fa43230b6b034a6319c18ffc33f29d30\"\u003e\u003ccode\u003e52b6b1c\u003c/code\u003e\u003c/a\u003e drop node 14 build as it seems to fail for unreachable reasons\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/db45e388b3cc33d2ea993ea4f4845bad86c9ca81\"\u003e\u003ccode\u003edb45e38\u003c/code\u003e\u003c/a\u003e fix tests on windows (3)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/compare/v9.0.0...v9.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.2.0] - 2026-06-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003edocs/safety.md\u003c/code\u003e with notes about processing untrusted YAML.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxDepth\u003c/code\u003e (100) loader option. Not a problem, but gives a better\nexception instead of RangeError on stack overflow.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxMergeSeqLength\u003c/code\u003e (20) loader option. Not a problem after \u003ccode\u003emerge\u003c/code\u003e fix,\nbut an additional restriction for safety.\u003c/li\u003e\n\u003cli\u003eAdded sourcemaps to \u003ccode\u003edist/\u003c/code\u003e builds.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStop resolving numbers with underscores as numeric scalars, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/627\"\u003e#627\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSwitched dev toolchains to Vite / neostandard.\u003c/li\u003e\n\u003cli\u003eUpdated demo.\u003c/li\u003e\n\u003cli\u003eReorganized tests.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e files are no longer kept in the repository.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of properties on the first implicit block mapping key, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/62\"\u003e#62\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix trailing whitespace handling when folding flow scalar lines, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject top-level block scalars without content indentation, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/280\"\u003e#280\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure numbers survive round-trip, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/737\"\u003e#737\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix test coverage for issue \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/221\"\u003e#221\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix flow scalar trailing whitespace folding, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix digits in YAML named tag handles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential DoS via quadratic complexity in merge - deduplicate repeated\nelements (makes sense for malformed files \u0026gt; 10K).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@anthropic-ai/claude-code` from 2.1.50 to 2.1.160\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/claude-code/releases\"\u003e@​anthropic-ai/claude-code's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.160\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a prompt before writing to shell startup files (\u003ccode\u003e.zshenv\u003c/code\u003e, \u003ccode\u003e.zlogin\u003c/code\u003e, \u003ccode\u003e.bash_login\u003c/code\u003e) and \u003ccode\u003e~/.config/git/\u003c/code\u003e, which could otherwise lead to unintended command execution\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eacceptEdits\u003c/code\u003e mode now prompts before writing build-tool config files that grant code execution (\u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.yarnrc*\u003c/code\u003e, \u003ccode\u003ebunfig.toml\u003c/code\u003e, \u003ccode\u003e.bazelrc\u003c/code\u003e, \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e, \u003ccode\u003e.devcontainer/\u003c/code\u003e, etc.)\u003c/li\u003e\n\u003cli\u003eEdit no longer requires a separate Read after viewing a file with \u003ccode\u003egrep\u003c/code\u003e: single-file \u003ccode\u003egrep\u003c/code\u003e/\u003ccode\u003eegrep\u003c/code\u003e/\u003ccode\u003efgrep\u003c/code\u003e commands now satisfy the read-before-edit check\u003c/li\u003e\n\u003cli\u003eFixed copy-on-select not writing to the Windows clipboard on WSL — now uses PowerShell interop instead of OSC 52, which terminals like MobaXterm don't support\u003c/li\u003e\n\u003cli\u003eFixed restoring a completed session from \u003ccode\u003eclaude agents\u003c/code\u003e dropping chat history and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed background sessions re-attached after overnight retire losing their conversation and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude --bg\u003c/code\u003e occasionally failing with \u0026quot;socket missing\u0026quot; when the background daemon was cold-starting on a loaded machine\u003c/li\u003e\n\u003cli\u003eFixed an issue on Windows where the directory a background session was started in could not be deleted after \u003ccode\u003eclaude rm\u003c/code\u003e until the background daemon exited\u003c/li\u003e\n\u003cli\u003eFixed background agents that resumed work being shown under Completed in the agents list\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude agents\u003c/code\u003e freezing for several seconds when returning to the session list due to the auto-updater re-checking on every exit\u003c/li\u003e\n\u003cli\u003eFixed Esc, arrow keys, and typing becoming unresponsive on Windows when attached to a background session or in the agent view while the host is under heavy CPU load\u003c/li\u003e\n\u003cli\u003eFixed background agents emitting terminal sync-output markers to terminals that don't support them (Apple Terminal, tmux), causing render artifacts when entering a running agent\u003c/li\u003e\n\u003cli\u003eFixed mouse wheel scrolling prompt history instead of the transcript right after opening a session from the agents list\u003c/li\u003e\n\u003cli\u003eFixed CJK IME composition appearing at the bottom-left of the screen instead of at the input caret in the \u003ccode\u003eclaude agents\u003c/code\u003e view\u003c/li\u003e\n\u003cli\u003eFixed valid \u003ccode\u003efile:///C:/...\u003c/code\u003e links being rewritten to a broken path on Windows terminals with hyperlink support\u003c/li\u003e\n\u003cli\u003eFixed voice mode failing to connect when the project directory or branch name contains non-ASCII or special characters\u003c/li\u003e\n\u003cli\u003eFixed the auto mode unavailability message on third-party providers (Bedrock/Vertex/Foundry) to point to the \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE\u003c/code\u003e opt-in instead of incorrectly blaming the model\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e/effort ultracode\u003c/code\u003e incorrectly blaming the dynamic workflows setting when the model cannot run xhigh; ultracode is no longer offered on models that do not support it\u003c/li\u003e\n\u003cli\u003eFixed model-not-found errors suggesting \u003ccode\u003e--model\u003c/code\u003e when running via the SDK or other hosts where the CLI flag doesn't apply\u003c/li\u003e\n\u003cli\u003eFixed Claude's past replies disappearing from scrollback when resuming a brief mode session with brief mode turned off\u003c/li\u003e\n\u003cli\u003eFixed vim mode \u003ccode\u003ep\u003c/code\u003e pasting on the line below instead of at the cursor when the register was yanked with \u003ccode\u003ev$\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved performance of opening recently-inactive background agent sessions in \u003ccode\u003eclaude agents\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved auto mode classifier latency by reducing reasoning on routine actions, lowering the chance of \u0026quot;could not evaluate this action\u0026quot; blocks\u003c/li\u003e\n\u003cli\u003eImproved background-session teardown (\u003ccode\u003eclaude rm\u003c/code\u003e/\u003ccode\u003estop\u003c/code\u003e, idle reap) to send SIGTERM to running shell subprocesses before SIGKILL, so cleanup handlers run\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eCLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE\u003c/code\u003e; the environment variable is now a no-op\u003c/li\u003e\n\u003cli\u003eRemoved the JetBrains plugin install suggestion from startup\u003c/li\u003e\n\u003cli\u003eRenamed the dynamic-workflow trigger keyword from \u003ccode\u003eworkflow\u003c/code\u003e to \u003ccode\u003eultracode\u003c/code\u003e. The word \u0026quot;workflow\u0026quot; no longer triggers a run; asking for one in your own words still works. The trigger keyword is highlighted in violet in the prompt input\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.1.159\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInternal infrastructure improvements (no user-facing changes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.1.158\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuto mode is now available on Bedrock, Vertex, and Foundry for Opus 4.7 and Opus 4.8. Opt in by setting \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE=1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.1.157\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePlugins in \u003ccode\u003e.claude/skills\u003c/code\u003e directories are now automatically loaded, no marketplace required\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eclaude plugin init \u0026lt;name\u0026gt;\u003c/code\u003e to scaffold a new plugin in \u003ccode\u003e.claude/skills\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded autocomplete for \u003ccode\u003e/plugin\u003c/code\u003e arguments: subcommands, installed plugin names, and plugins from known marketplaces\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eclaude agents\u003c/code\u003e: the \u003ccode\u003eagent\u003c/code\u003e field in \u003ccode\u003esettings.json\u003c/code\u003e is now honored for dispatched sessions, with \u003ccode\u003e--agent \u0026lt;name\u0026gt;\u003c/code\u003e to override it\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnterWorktree\u003c/code\u003e can now switch between Claude-managed worktrees mid-session\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etool_decision\u003c/code\u003e telemetry events now include \u003ccode\u003etool_parameters\u003c/code\u003e (bash commands, MCP/skill names) when \u003ccode\u003eOTEL_LOG_TOOL_DETAILS=1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md\"\u003e@​anthropic-ai/claude-code's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.160\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a prompt before writing to shell startup files (\u003ccode\u003e.zshenv\u003c/code\u003e, \u003ccode\u003e.zlogin\u003c/code\u003e, \u003ccode\u003e.bash_login\u003c/code\u003e) and \u003ccode\u003e~/.config/git/\u003c/code\u003e, which could otherwise lead to unintended command execution\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eacceptEdits\u003c/code\u003e mode now prompts before writing build-tool config files that grant code execution (\u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.yarnrc*\u003c/code\u003e, \u003ccode\u003ebunfig.toml\u003c/code\u003e, \u003ccode\u003e.bazelrc\u003c/code\u003e, \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e, \u003ccode\u003e.devcontainer/\u003c/code\u003e, etc.)\u003c/li\u003e\n\u003cli\u003eEdit no longer requires a separate Read after viewing a file with \u003ccode\u003egrep\u003c/code\u003e: single-file \u003ccode\u003egrep\u003c/code\u003e/\u003ccode\u003eegrep\u003c/code\u003e/\u003ccode\u003efgrep\u003c/code\u003e commands now satisfy the read-before-edit check\u003c/li\u003e\n\u003cli\u003eFixed copy-on-select not writing to the Windows clipboard on WSL — now uses PowerShell interop instead of OSC 52, which terminals like MobaXterm don't support\u003c/li\u003e\n\u003cli\u003eFixed restoring a completed session from \u003ccode\u003eclaude agents\u003c/code\u003e dropping chat history and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed background sessions re-attached after overnight retire losing their conversation and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude --bg\u003c/code\u003e occasionally failing with \u0026quot;socket missing\u0026quot; when the background daemon was cold-starting on a loaded machine\u003c/li\u003e\n\u003cli\u003eFixed an issue on Windows where the directory a background session was started in could not be deleted after \u003ccode\u003eclaude rm\u003c/code\u003e until the background daemon exited\u003c/li\u003e\n\u003cli\u003eFixed background agents that resumed work being shown under Completed in the agents list\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude agents\u003c/code\u003e freezing for several seconds when returning to the session list due to the auto-updater re-checking on every exit\u003c/li\u003e\n\u003cli\u003eFixed Esc, arrow keys, and typing becoming unresponsive on Windows when attached to a background session or in the agent view while the host is under heavy CPU load\u003c/li\u003e\n\u003cli\u003eFixed background agents emitting terminal sync-output markers to terminals that don't support them (Apple Terminal, tmux), causing render artifacts when entering a running agent\u003c/li\u003e\n\u003cli\u003eFixed mouse wheel scrolling prompt history instead of the transcript right after opening a session from the agents list\u003c/li\u003e\n\u003cli\u003eFixed CJK IME composition appearing at the bottom-left of the screen instead of at the input caret in the \u003ccode\u003eclaude agents\u003c/code\u003e view\u003c/li\u003e\n\u003cli\u003eFixed valid \u003ccode\u003efile:///C:/...\u003c/code\u003e links being rewritten to a broken path on Windows terminals with hyperlink support\u003c/li\u003e\n\u003cli\u003eFixed voice mode failing to connect when the project directory or branch name contains non-ASCII or special characters\u003c/li\u003e\n\u003cli\u003eFixed the auto mode unavailability message on third-party providers (Bedrock/Vertex/Foundry) to point to the \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE\u003c/code\u003e opt-in instead of incorrectly blaming the model\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e/effort ultracode\u003c/code\u003e incorrectly blaming the dynamic workflows setting when the model cannot run xhigh; ultracode is no longer offered on models that do not support it\u003c/li\u003e\n\u003cli\u003eFixed model-not-found errors suggesting \u003ccode\u003e--model\u003c/code\u003e when running via the SDK or other hosts where the CLI flag doesn't apply\u003c/li\u003e\n\u003cli\u003eFixed Claude's past replies disappearing from scrollback when resuming a brief mode session with brief mode turned off\u003c/li\u003e\n\u003cli\u003eFixed vim mode \u003ccode\u003ep\u003c/code\u003e pasting on the line below instead of at the cursor when the register was yanked with \u003ccode\u003ev$\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved performance of opening recently-inactive background agent sessions in \u003ccode\u003eclaude agents\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved auto mode classifier latency by reducing reasoning on routine actions, lowering the chance of \u0026quot;could not evaluate this action\u0026quot; blocks\u003c/li\u003e\n\u003cli\u003eImproved background-session teardown (\u003ccode\u003eclaude rm\u003c/code\u003e/\u003ccode\u003estop\u003c/code\u003e, idle reap) to send SIGTERM to running shell subprocesses before SIGKILL, so cleanup handlers run\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eCLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE\u003c/code\u003e; the environment variable is now a no-op\u003c/li\u003e\n\u003cli\u003eRemoved the JetBrains plugin install suggestion from startup\u003c/li\u003e\n\u003cli\u003eRenamed the dynamic-workflow trigger keyword from \u003ccode\u003eworkflow\u003c/code\u003e to \u003ccode\u003eultracode\u003c/code\u003e. The word \u0026quot;workflow\u0026quot; no longer triggers a run; asking for one in your own words still works. The trigger keyword is highlighted in violet in the prompt input\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.159\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInternal infrastructure improvements (no user-facing changes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.158\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuto mode is now available on Bedrock, Vertex, and Foundry for Opus 4.7 and Opus 4.8. Opt in by setting \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE=1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.157\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePlugins in \u003ccode\u003e.claude/skills\u003c/code\u003e directories are now automatically loaded, no marketplace required\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eclaude plugin init \u0026lt;name\u0026gt;\u003c/code\u003e to scaffold a new plugin in \u003ccode\u003e.claude/skills\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded autocomplete for \u003ccode\u003e/plugin\u003c/code\u003e arguments: subcommands, installed plugin names, and plugins from known marketplaces\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eclaude agents\u003c/code\u003e: the \u003ccode\u003eagent\u003c/code\u003e field in \u003ccode\u003esettings.json\u003c/code\u003e is now honored for dispatched sessions, with \u003ccode\u003e--agent \u0026lt;name\u0026gt;\u003c/code\u003e to override it\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnterWorktree\u003c/code\u003e can now switch between Claude-managed worktrees mid-session\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etool_decision\u003c/code\u003e telemetry events now include \u003ccode\u003etool_parameters\u003c/code\u003e (bash commands, MCP/skill names) when \u003ccode\u003eOTEL_LOG_TOOL_DETAILS=1\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWorktrees managed by Claude are now left unlocked when the agent finishes, so \u003ccode\u003egit worktree remove\u003c/code\u003e/\u003ccode\u003eprune\u003c/code\u003e can clean them up\u003c/li\u003e\n\u003cli\u003eFixed unprocessable images (zero-byte, corrupt) attached via paste, MCP, or dialog crashing the request instead of becoming a text placeholder\u003c/li\u003e\n\u003cli\u003eFixed sandbox network permission prompts appearing in auto and bypass-permissions mode when using the desktop app, IDE extensions, or SDK\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude agents\u003c/code\u003e completed sessions not retiring when an idle subagent was still parked or had leaked a backgrounded shell\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/bdb04fc52421537f63bbcb9685e1c0905689f8f7\"\u003e\u003ccode\u003ebdb04fc\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/8bae02d5319c619f84f51476188e5b28b2e5816b\"\u003e\u003ccode\u003e8bae02d\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/295dee881d0e1c1d0cd22fe171e4c1d07118fb04\"\u003e\u003ccode\u003e295dee8\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/8d0fbf451ace0d291f1cdae824c66e1227e117c4\"\u003e\u003ccode\u003e8d0fbf4\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/2d5c3c6c85048de7a4426a91268076807ebaeba5\"\u003e\u003ccode\u003e2d5c3c6\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/1696f2229402f16f12a19170d2ad87d22459d544\"\u003e\u003ccode\u003e1696f22\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/3bb44552af73d65ae4afd663823bef05227d9769\"\u003e\u003ccode\u003e3bb4455\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/b7339920b69f4a395c28727a1e2305dc5b122cb2\"\u003e\u003ccode\u003eb733992\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/d08288e09fe95340a68d58ae3fd783cb56494781\"\u003e\u003ccode\u003ed08288e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/anthropics/claude-code/issues/62592\"\u003e#62592\u003c/a\u003e from mhegazy/readme-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/bf4a74d9810e07134bb69550f7fbae8ada50b84a\"\u003e\u003ccode\u003ebf4a74d\u003c/code\u003e\u003c/a\u003e Update docs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/claude-code/compare/v2.1.50...v2.1.160\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003epostinstall\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/code-frame` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/code-frame's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-code-frame/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-code-frame\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/helper-validator-identifier` from 7.28.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/helper-validator-identifier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helper-validator-identifier/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-helper-validator-identifier\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/runtime` from 7.28.6 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-runtime\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@borewit/text-codec` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/text-codec/releases\"\u003e@​borewit/text-codec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: improve encoding correctness and update README \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/36\"\u003e#36\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/@borewit/text-codec/v/0.2.2\"\u003e@​borewit/text-codec@0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/c2ce9c502abb9276e832220ee6e4fa9c4105301a\"\u003e\u003ccode\u003ec2ce9c5\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/e2f070561c21930a4fb6855947304603b7b1a183\"\u003e\u003ccode\u003ee2f0705\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/23\"\u003e#23\u003c/a\u003e from Borewit/dependabot/npm_and_yarn/master/chai-6.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/5e58cb8acf430548b8432998cff75bbef08bdf3a\"\u003e\u003ccode\u003e5e58cb8\u003c/code\u003e\u003c/a\u003e Bump chai from 5.2.1 to 6.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/bc315b8d29fc3b62efabd5146c1e74b3794a91ef\"\u003e\u003ccode\u003ebc315b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/37\"\u003e#37\u003c/a\u003e from Borewit/update-biome\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/f32adfce86b67f1b0871d10be67fbf4b693f39b7\"\u003e\u003ccode\u003ef32adfc\u003c/code\u003e\u003c/a\u003e Update biome to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/7776373963362f621dce98087879db7363b4119f\"\u003e\u003ccode\u003e7776373\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/36\"\u003e#36\u003c/a\u003e from Borewit/fix-most-issue-exodus\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/068d7d45b404908b5eb0cbbb01cb5512b048f141\"\u003e\u003ccode\u003e068d7d4\u003c/code\u003e\u003c/a\u003e fix: improve encoding correctness and update README\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Borewit/text-codec/compare/v0.2.1...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@google/genai` from 1.42.0 to 1.52.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/js-genai/releases\"\u003e@​google/genai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.52.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.51.0...v1.52.0\"\u003e1.52.0\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Python] Multimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e626bef1a780a54b5b3fe04f062adf708335bd58\"\u003ee626bef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/54caf6bd4683939f3f3b6844252e5a19a90e7e9a\"\u003e54caf6b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.51.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.1...v1.51.0\"\u003e1.51.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (\u003ca href=\"https://github.com/googleapis/js-genai/commit/9e08ba923452a7028931ba4d054290115514578e\"\u003e9e08ba9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eoutput_info\u003c/code\u003e to \u003ccode\u003eBatchJob\u003c/code\u003e (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5327c605960c1e06ff987d488082704bdbae597a\"\u003e5327c60\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd gemini-3.1-flash-tts-preview model to options (\u003ca href=\"https://github.com/googleapis/js-genai/commit/35c941b024f7bff50fdcf155dda409d977b1cfcb\"\u003e35c941b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd ImageResizeMode for GenerateVideos (\u003ca href=\"https://github.com/googleapis/js-genai/commit/faa1088785f0a733b9b65af9f78229f464a9f4c3\"\u003efaa1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd new Gemini Deep Research agent models (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6f83a0533f6c9ea7cd97e218f313ebfbd77323ad\"\u003e6f83a05\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Vertex Dataset input and output options for batch jobs (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6aa848e9be75843821ba44db1e9947e4ee9cf899\"\u003e6aa848e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einteraction-api:\u003c/strong\u003e Add grounding tool usage breakdown to Interaction Usage. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e1c31ad0853be56ba0cddabe8eceb208eaf5c2a4\"\u003ee1c31ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eintroduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (\u003ca href=\"https://github.com/googleapis/js-genai/commit/cf7ad529f2b0d5b228ea238660f88df61305eacd\"\u003ecf7ad52\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace the more ambiguous rate field with sample_rate. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6c804649ec721d9e8ac20922252183eec5b57dc9\"\u003e6c80464\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.50.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.0...v1.50.1\"\u003e1.50.1\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor Webhook types in GenAI SDKs for easier useage (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5100abc2cec39c29a297545fe89a22b9ba2149bf\"\u003e5100abc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003ewebhooks.retrieve\u003c/code\u003e to \u003ccode\u003ewebhooks.get\u003c/code\u003e. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/db6e771cc3b6da984e7fe71ca7cc722303ee6a3b\"\u003edb6e771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.50.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.49.0...v1.50.0\"\u003e1.50.0\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003cstrong\u003eCRITICAL WARNING:\u003c/strong\u003e Do \u003cstrong\u003enot\u003c/strong\u003e use this version if you are implementing or relying on \u003cstrong\u003ewebhooks\u003c/strong\u003e. This release contains known issues regarding webhook sdk. Please use v1.51.0 or later.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u0026quot;eu\u0026quot; as a supported service location for Vertex AI platform. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/2493f9c6d10817766a22bb45eb65468b95f7ae87\"\u003e2493f9c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd DeepResearchAgentConfig fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/3615ca2063f65b313f9963b6f47a67be320a0edd\"\u003e3615ca2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Live Avatar new fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6a0ff9699ebea6cd517834e43d23bcb362f04aa8\"\u003e6a0ff96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new audio MIME types: opus, alaw, and mulaw (\u003ca href=\"https://github.com/googleapis/js-genai/commit/7137f13069bb65501b7816efb96924c40c2977cd\"\u003e7137f13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd webhook and webhookConfig for js and python sdk (\u003ca href=\"https://github.com/googleapis/js-genai/commit/0f8960591f5f6359558bd9aedd868e4747eb6834\"\u003e0f89605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd webhook_config to batches.create() and models.generate_videos() (\u003ca href=\"https://github.com/googleapis/js-genai/commit/894bc937de0fdacc018bbf585cdbb75daaa7f943\"\u003e894bc93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWire the webhook into python and js client. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/b6c5d189bc0ae98550c45333c5e7a9bc43648dd3\"\u003eb6c5d18\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md\"\u003e@​google/genai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.51.0...v1.52.0\"\u003e1.52.0\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Python] Multimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e626bef1a780a54b5b3fe04f062adf708335bd58\"\u003ee626bef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/54caf6bd4683939f3f3b6844252e5a19a90e7e9a\"\u003e54caf6b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.1...v1.51.0\"\u003e1.51.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (\u003ca href=\"https://github.com/googleapis/js-genai/commit/9e08ba923452a7028931ba4d054290115514578e\"\u003e9e08ba9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eoutput_info\u003c/code\u003e to \u003ccode\u003eBatchJob\u003c/code\u003e (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5327c605960c1e06ff987d488082704bdbae597a\"\u003e5327c60\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd gemini-3.1-flash-tts-preview model to options (\u003ca href=\"https://github.com/googleapis/js-genai/commit/35c941b024f7bff50fdcf155dda409d977b1cfcb\"\u003e35c941b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd ImageResizeMode for GenerateVideos (\u003ca href=\"https://github.com/googleapis/js-genai/commit/faa1088785f0a733b9b65af9f78229f464a9f4c3\"\u003efaa1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd new Gemini Deep Research agent models (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6f83a0533f6c9ea7cd97e218f313ebfbd77323ad\"\u003e6f83a05\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Vertex Dataset input and output options for batch jobs (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6aa848e9be75843821ba44db1e9947e4ee9cf899\"\u003e6aa848e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einteraction-api:\u003c/strong\u003e Add grounding tool usage breakdown to Interaction Usage. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e1c31ad0853be56ba0cddabe8eceb208eaf5c2a4\"\u003ee1c31ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eintroduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (\u003ca href=\"https://github.com/googleapis/js-genai/commit/cf7ad529f2b0d5b228ea238660f88df61305eacd\"\u003ecf7ad52\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace the more ambiguous rate field with sample_rate. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6c804649ec721d9e8ac20922252183eec5b57dc9\"\u003e6c80464\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.0...v1.50.1\"\u003e1.50.1\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor Webhook types in GenAI SDKs for easier useage (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5100abc2cec39c29a297545fe89a22b9ba2149bf\"\u003e5100abc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003ewebhooks.retrieve\u003c/code\u003e to \u003ccode\u003ewebhooks.get\u003c/code\u003e. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/db6e771cc3b6da984e7fe71ca7cc722303ee6a3b\"\u003edb6e771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.49.0...v1.50.0\"\u003e1.50.0\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u0026quot;eu\u0026quot; as a supported service location for Vertex AI platform. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/2493f9c6d10817766a22bb45eb65468b95f7ae87\"\u003e2493f9c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd DeepResearchAgentConfig fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/3615ca2063f65b313f9963b6f47a67be320a0edd\"\u003e3615ca2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Live Avatar new fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6a0ff9699ebea6cd517834e43d23bcb362f04aa8\"\u003e6a0ff96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new audio MIME types: opus, alaw, and mulaw (\u003ca href=\"https://github.com/googleapis/js-genai/commit/7137f13069bb65501b7816efb96924c40c2977cd\"\u003e7137f13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd webhook and webhookConfig for js and python sdk (\u003ca href=\"https://github.com/googleapis/js-genai/commit/0f8960591f5f6359558bd9aedd868e4747eb6834\"\u003e0f89605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd webhook_config to batches.create() and models.generate_videos() (\u003ca href=\"https://github.com/googleapis/js-genai/commit/894bc937de0fdacc018bbf585cdbb75daaa7f943\"\u003e894bc93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWire the webhook into python and js client. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/b6c5d189bc0ae98550c45333c5e7a9bc43648dd3\"\u003eb6c5d18\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.48.0...v1.49.0\"\u003e1.49.0\u003c/a\u003e (2026-04-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce TYPE_L16 audio content and optional fields. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/c62cb9a1025990ef52adf3fb5d379e180c27eb36\"\u003ec62cb9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/e8c8c4432a9ac650fb5b658b0777f7f42a268aba\"\u003e\u003ccode\u003ee8c8c44\u003c/code\u003e\u003c/a\u003e chore(main): release 1.52.0 (\u003ca href=\"https://redirect.github.com/googleapis/js-genai/issues/1546\"\u003e#1546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/50d81caa594935240d86b07b7958b9b11c5c4629\"\u003e\u003ccode\u003e50d81ca\u003c/code\u003e\u003c/a\u003e chore: [Multimodal FileSearch] Move embedding_model to body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/54caf6bd4683939f3f3b6844252e5a19a90e7e9a\"\u003e\u003ccode\u003e54caf6b\u003c/code\u003e\u003c/a\u003e feat: Multimodal file search\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/e626bef1a780a54b5b3fe04f062adf708335bd58\"\u003e\u003ccode\u003ee626bef\u003c/code\u003e\u003c/a\u003e feat: [Python] Multimodal file search\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/61013d63a8f7d73a3fc920daa66b6ef769cff2a9\"\u003e\u003ccode\u003e61013d6\u003c/code\u003e\u003c/a\u003e chore(main): release 1.51.0 (\u003ca href=\"https://redirect.github.com/googleapis/js-genai/issues/1503\"\u003e#1503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/8137d23260a267cc4c09e0fc22320afe82400650\"\u003e\u003ccode\u003e8137d23\u003c/code\u003e\u003c/a\u003e chore: add the deprecation marker back\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/734dab038058edabae8e855c4ff217bd0e9bfcd4\"\u003e\u003ccode\u003e734dab0\u003c/code\u003e\u003c/a\u003e chore: no-op\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/006286b61eb416ee8503aacf5016ab66598f2e2f\"\u003e\u003ccode\u003e006286b\u003c/code\u003e\u003c/a\u003e chore: Add page number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/986bbedaec6dd40c0d6b00774e2bcab4d35db06b\"\u003e\u003ccode\u003e986bbed\u003c/code\u003e\u003c/a\u003e chore: Adjust Webhook update to better reflect modifiable fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/e1c31ad0853be56ba0cddabe8eceb208eaf5c2a4\"\u003e\u003ccode\u003ee1c31ad\u003c/code\u003e\u003c/a\u003e feat(interaction-api): Add grounding tool usage breakdown to Interaction Usage.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.42.0...v1.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003epreinstall\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.26.0 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/LLM-Dev-Ops/forge/pull/75","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LLM-Dev-Ops%2Fforge/issues/75","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/75/packages"},{"uuid":"4559906375","node_id":"PR_kwDORua-IM7hMwou","number":21,"state":"open","title":"chore(deps): bump file-type from 16.5.4 to 21.3.4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T02:33:31.000Z","updated_at":"2026-06-01T02:34:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"file-type","old_version":"16.5.4","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"}],"path":null,"ecosystem":"npm"},"body":"Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.4 to 21.3.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| file-type | [\u003e= 22.a, \u003c 23] |\n\u003c/details\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=file-type\u0026package-manager=npm_and_yarn\u0026previous-version=16.5.4\u0026new-version=21.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/thinhphan109/EasyRevise/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thinhphan109%2FEasyRevise/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4559719135","node_id":"PR_kwDOR5onnM7hMK44","number":18,"state":"closed","title":"build(deps): bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-01T01:48:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T01:37:20.000Z","updated_at":"2026-06-01T01:48:48.000Z","time_to_close":680,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"@nestjs/core","old_version":"10.4.15","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"postcss","old_version":"8.5.8","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"file-type","old_version":"20.4.1","new_version":"21.3.4"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) and [postcss](https://github.com/postcss/postcss).\n\nUpdates `@nestjs/core` from 10.4.15 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 20.4.1 to 21.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v20.4.1...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fernando-msa/InfraCare/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/fernando-msa/InfraCare/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fernando-msa%2FInfraCare/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4526509805","node_id":"PR_kwDORerhds7fhqfC","number":15,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-02T00:28:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T18:28:59.000Z","updated_at":"2026-06-02T00:28:10.000Z","time_to_close":539949,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"undici","old_version":"7.21.0","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ws","old_version":"8.19.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"dompurify","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"music-metadata","old_version":"11.12.0","new_version":"11.12.3","repository_url":"https://github.com/Borewit/music-metadata"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [undici](https://github.com/nodejs/undici) | `7.21.0` | `7.24.0` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [music-metadata](https://github.com/Borewit/music-metadata) | `11.12.0` | `11.12.3` |\n\nBumps the npm_and_yarn group with 1 update in the /extensions/zalo directory: [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 2 updates in the /ui directory: [dompurify](https://github.com/cure53/DOMPurify) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.19.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.19.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.12.0 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix miscalculation Ogg/Vorbis, duration miscalculation \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2583\"\u003e#2583\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.1\"\u003emusic-metadata@11.12.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.12.0...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.12.0 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix miscalculation Ogg/Vorbis, duration miscalculation \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2583\"\u003e#2583\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.1\"\u003emusic-metadata@11.12.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.12.0...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.19.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.19.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gith...\n\n_Description has been truncated_","html_url":"https://github.com/pierrecabell-commits/Alii-Core/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pierrecabell-commits%2FAlii-Core/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4509952342","node_id":"PR_kwDOK3-Xis7es_sG","number":663,"state":"open","title":"Bump file-type and ibm-cloud-sdk-core","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T00:01:02.000Z","updated_at":"2026-05-24T00:02:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"file-type","repository_url":"https://github.com/sindresorhus/file-type","old_version":"16.5.4","new_version":"21.3.2"},{"name":"ibm-cloud-sdk-core","repository_url":"https://github.com/IBM/node-sdk-core","old_version":"5.4.2","new_version":"5.4.20"}],"path":null,"ecosystem":"npm"},"body":"Bumps [file-type](https://github.com/sindresorhus/file-type) and [ibm-cloud-sdk-core](https://github.com/IBM/node-sdk-core). These dependencies needed to be updated together.\nUpdates `file-type` from 16.5.4 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ibm-cloud-sdk-core` from 5.4.2 to 5.4.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/IBM/node-sdk-core/releases\"\u003eibm-cloud-sdk-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.19...v5.4.20\"\u003e5.4.20\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump axios to 1.16.1 (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/358\"\u003e#358\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d10af781a918d3ccf843f293e51ca2ac1faeac8b\"\u003ed10af78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.19\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.18...v5.4.19\"\u003e5.4.19\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update typescript to fix incompatibility (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/355\"\u003e#355\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/ba450c67b185ddfe9158b77c02bd365da0cec1bb\"\u003eba450c6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.18\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.17...v5.4.18\"\u003e5.4.18\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e revert extend removal (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/353\"\u003e#353\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/bbd8b7f6d810c0c3f5d86ea66bc6ddf9427fccf0\"\u003ebbd8b7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.17\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.16...v5.4.17\"\u003e5.4.17\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cloning to deepmerge (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/352\"\u003e#352\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/3e05fb3229a0f080865f3278f4ec7b658eed3b67\"\u003e3e05fb3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.16\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.15...v5.4.16\"\u003e5.4.16\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e regenerate package-lock.json (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/351\"\u003e#351\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/9e76ad6596b779eaae5c4dfdd572f145522de96e\"\u003e9e76ad6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.15\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.14...v5.4.15\"\u003e5.4.15\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd test cases for new functions (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/350\"\u003e#350\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/c4b80daee3c1f18a84d756ac60c1d7d9a2b76d46\"\u003ec4b80da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.14\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.13...v5.4.14\"\u003e5.4.14\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/IBM/node-sdk-core/blob/main/CHANGELOG.md\"\u003eibm-cloud-sdk-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.19...v5.4.20\"\u003e5.4.20\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump axios to 1.16.1 (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/358\"\u003e#358\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d10af781a918d3ccf843f293e51ca2ac1faeac8b\"\u003ed10af78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.18...v5.4.19\"\u003e5.4.19\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update typescript to fix incompatibility (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/355\"\u003e#355\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/ba450c67b185ddfe9158b77c02bd365da0cec1bb\"\u003eba450c6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.17...v5.4.18\"\u003e5.4.18\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e revert extend removal (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/353\"\u003e#353\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/bbd8b7f6d810c0c3f5d86ea66bc6ddf9427fccf0\"\u003ebbd8b7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.16...v5.4.17\"\u003e5.4.17\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cloning to deepmerge (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/352\"\u003e#352\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/3e05fb3229a0f080865f3278f4ec7b658eed3b67\"\u003e3e05fb3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.15...v5.4.16\"\u003e5.4.16\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e regenerate package-lock.json (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/351\"\u003e#351\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/9e76ad6596b779eaae5c4dfdd572f145522de96e\"\u003e9e76ad6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.14...v5.4.15\"\u003e5.4.15\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd test cases for new functions (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/350\"\u003e#350\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/c4b80daee3c1f18a84d756ac60c1d7d9a2b76d46\"\u003ec4b80da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.13...v5.4.14\"\u003e5.4.14\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e lock api-documenter version (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/349\"\u003e#349\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/6a6058898450c934841dad55f3c9cbe27b2758f0\"\u003e6a60588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.12...v5.4.13\"\u003e5.4.13\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d89aeded22ce167af392d5f2ecb5db30ec52bf4d\"\u003e\u003ccode\u003ed89aede\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.20 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d10af781a918d3ccf843f293e51ca2ac1faeac8b\"\u003e\u003ccode\u003ed10af78\u003c/code\u003e\u003c/a\u003e fix(deps): bump axios to 1.16.1 (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/80a4a0c59e9b2b10a3e4d835b8001a005c246ff9\"\u003e\u003ccode\u003e80a4a0c\u003c/code\u003e\u003c/a\u003e build: switch mend config (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/357\"\u003e#357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/46a3753afc686b3eef7777c8d49dcac22f617a30\"\u003e\u003ccode\u003e46a3753\u003c/code\u003e\u003c/a\u003e build: switch base config for Mend (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/356\"\u003e#356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/55eec5a2e40532b88769164b24939a52b7aeba0c\"\u003e\u003ccode\u003e55eec5a\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.19 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/ba450c67b185ddfe9158b77c02bd365da0cec1bb\"\u003e\u003ccode\u003eba450c6\u003c/code\u003e\u003c/a\u003e fix(deps): update typescript to fix incompatibility (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/355\"\u003e#355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/20a0fb8f4f1382058640b457f545cb39854b2aa2\"\u003e\u003ccode\u003e20a0fb8\u003c/code\u003e\u003c/a\u003e build: disable Renovate (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/354\"\u003e#354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/2e592ef79b86ffe2d596b4e04df90116eb40e1d5\"\u003e\u003ccode\u003e2e592ef\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.18 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/bbd8b7f6d810c0c3f5d86ea66bc6ddf9427fccf0\"\u003e\u003ccode\u003ebbd8b7f\u003c/code\u003e\u003c/a\u003e fix(deps): revert extend removal (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/353\"\u003e#353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/31b100d1d661b1d51693ce63b50a547ef4d11de0\"\u003e\u003ccode\u003e31b100d\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.17 [skip ci]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.2...v5.4.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yuiseki/charites-ai/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yuiseki/charites-ai/pull/663","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuiseki%2Fcharites-ai/issues/663","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/663/packages"},{"uuid":"4508591203","node_id":"PR_kwDOSTefEM7eo_1p","number":8,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 8 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T09:44:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T14:50:28.000Z","updated_at":"2026-05-24T09:45:00.000Z","time_to_close":68070,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@opentelemetry/exporter-prometheus","old_version":"0.52.1","new_version":"removed","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"axios","old_version":"1.13.6","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"file-type","old_version":"21.3.0","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"ws","old_version":"8.18.3","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"hono","old_version":"4.12.3","new_version":"4.12.22","repository_url":"https://github.com/honojs/hono"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"qs","old_version":"6.15.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"undici","old_version":"7.22.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"vite","old_version":"5.4.21","new_version":"8.0.14","repository_url":"https://github.com/vitejs/vite"},{"name":"yaml","old_version":"2.8.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@opentelemetry/exporter-prometheus](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `removed` |\n| [axios](https://github.com/axios/axios) | `1.13.6` | `1.16.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.21.0` |\n| [hono](https://github.com/honojs/hono) | `4.12.3` | `4.12.22` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [qs](https://github.com/ljharb/qs) | `6.15.0` | `6.15.2` |\n| [undici](https://github.com/nodejs/undici) | `7.22.0` | `7.25.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `8.0.14` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |\n\nBumps the npm_and_yarn group with 20 updates in the /ruflo/src/ruvocal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.0.0` | `21.3.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [ws](https://github.com/websockets/ws) | `8.18.2` | `8.21.0` |\n| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.22` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.4` | `8.5.15` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.24.0` |\n| [uuid](https://github.com/uuidjs/uuid) | `10.0.0` | `14.0.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.52.2` | `2.61.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n\nBumps the npm_and_yarn group with 2 updates in the /ruflo/src/ruvocal/mcp-bridge directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 3 updates in the /v2 directory: [axios](https://github.com/axios/axios), [fast-uri](https://github.com/fastify/fast-uri) and [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 1 update in the /v2/examples/05-swarm-apps/rest-api-advanced directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 3 updates in the /v2/examples/rest-api-simple directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 2 updates in the /v3 directory: [ws](https://github.com/websockets/ws) and [yaml](https://github.com/eemeli/yaml).\nBumps the npm_and_yarn group with 3 updates in the /v3/plugins/gastown-bridge directory: [postcss](https://github.com/postcss/postcss), [uuid](https://github.com/uuidjs/uuid) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `@opentelemetry/exporter-prometheus`\n\nUpdates `axios` from 1.13.6 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.6...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.0 to 21.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.3 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.3...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.3 to 4.12.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(route): preserve the base path of the mounted route() app by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4942\"\u003ehonojs/hono#4942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jsx): widen jsx and jsxFn children to Child[] by \u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.19...v4.12.20\"\u003ehttps://github.com/honojs/hono/compare/v4.12.19...v4.12.20\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a192df0844724aeaf5cbc6f1ea2f8425d3f8a86a\"\u003e\u003ccode\u003ea192df0\u003c/code\u003e\u003c/a\u003e fix(mime): specify charset parameter per MIME type instead of mechanical dete...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf6ef7056a59acdc5cd2eacdca201147885d3e54\"\u003e\u003ccode\u003ecf6ef70\u003c/code\u003e\u003c/a\u003e chore: update vitest to v4 and cleanups (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4952\"\u003e#4952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a83ddb882e0c0b8c336050dba087bb2e1b12488e\"\u003e\u003ccode\u003ea83ddb8\u003c/code\u003e\u003c/a\u003e 4.12.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1\"\u003e\u003ccode\u003e6cbb025\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c831020fb1fa2e929d222f6c84e1abfe013e512b\"\u003e\u003ccode\u003ec831020\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d\"\u003e\u003ccode\u003e905aedb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.3...v4.12.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types...\n\n_Description has been truncated_","html_url":"https://github.com/michaelhughes2501/ruflo/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelhughes2501%2Fruflo/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4507665987","node_id":"PR_kwDOQq4Zds7emFwV","number":1,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T09:39:48.000Z","updated_at":"2026-05-23T09:41:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"@nestjs/core","old_version":"11.1.9","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"next","old_version":"16.0.10","new_version":"16.2.6","repository_url":"https://github.com/vercel/next.js"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"esbuild","old_version":"0.14.47","new_version":"0.27.0","repository_url":"https://github.com/evanw/esbuild"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"file-type","old_version":"21.1.0","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"qs","old_version":"6.14.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"removed","repository_url":"https://github.com/yahoo/serialize-javascript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.9` | `11.1.18` |\n| [next](https://github.com/vercel/next.js) | `16.0.10` | `16.2.6` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.14.47` | `0.27.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.1.0` | `21.3.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n\nBumps the npm_and_yarn group with 1 update in the /apps/web directory: [next](https://github.com/vercel/next.js).\n\nUpdates `@nestjs/core` from 11.1.9 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 16.0.10 to 16.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.6\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - \u003cstrong\u003eIncomplete Fix Follow-Up\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eModerate:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eLow:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve HTTP access fallbacks during prerender recovery (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92231\"\u003e#92231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fallback route params case in app-page handler (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91737\"\u003e#91737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix invalid HTML response for route-level RSC requests in deployment adapter (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91541\"\u003e#91541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePatch setHeader for direct route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93101\"\u003e#93101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude deployment id in \u003ccode\u003ecacheHandlers\u003c/code\u003e keys (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93453\"\u003e#93453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double-encoding of URL pathname parts in client param parsing (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93491\"\u003e#93491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev16.2.5\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ee6e79b1792a4d401ddf2480f40a83549fe8e722\"\u003e\u003ccode\u003eee6e79b\u003c/code\u003e\u003c/a\u003e v16.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/afa053d9eb9c2a68c7eba43e84fe6bed8babcd45\"\u003e\u003ccode\u003eafa053d\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/97a154e5bbee0cb1ac3fb8aa4db66ac36e796e3d\"\u003e\u003ccode\u003e97a154e\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/83899bc89103d4df1479e065c7c1e09d4698a7b6\"\u003e\u003ccode\u003e83899bc\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/7b222b90954d607fc28a34e9b360a9b1636bc206\"\u003e\u003ccode\u003e7b222b9\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93595\"\u003e#93595\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8dc24f1fe23d4a22d24fac734837f7c824138f7\"\u003e\u003ccode\u003ea8dc24f\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93587\"\u003e#93587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/766148f9cd48c0e218acafcd0f15defc14871bf4\"\u003e\u003ccode\u003e766148f\u003c/code\u003e\u003c/a\u003e v16.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/0dd94836a8b43209fcfefa448c141683c22c1a27\"\u003e\u003ccode\u003e0dd9483\u003c/code\u003e\u003c/a\u003e fix: add explicit checks for RSC header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/83\"\u003e#83\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d166096c399c4fc4e09cd2d1bf26dca6579a855d\"\u003e\u003ccode\u003ed166096\u003c/code\u003e\u003c/a\u003e fix proxy matching for segment prefetch URLs (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/89\"\u003e#89\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9d50c0b7190f59c470308578e12882788819f14c\"\u003e\u003ccode\u003e9d50c0b\u003c/code\u003e\u003c/a\u003e Strip next-resume header from incoming requests (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v16.0.10...v16.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.14.47 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.27.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis release deliberately contains backwards-incompatible changes.\u003c/strong\u003e To avoid automatically picking up releases like this, you should either be pinning the exact version of \u003ccode\u003eesbuild\u003c/code\u003e in your \u003ccode\u003epackage.json\u003c/code\u003e file (recommended) or be using a version range syntax that only accepts patch upgrades such as \u003ccode\u003e^0.26.0\u003c/code\u003e or \u003ccode\u003e~0.26.0\u003c/code\u003e. See npm's documentation about \u003ca href=\"https://docs.npmjs.com/cli/v6/using-npm/semver/\"\u003esemver\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUse \u003ccode\u003eUint8Array.fromBase64\u003c/code\u003e if available (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4286\"\u003e#4286\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild's \u003ccode\u003ebinary\u003c/code\u003e loader will now use the new \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/fromBase64\"\u003e\u003ccode\u003eUint8Array.fromBase64\u003c/code\u003e\u003c/a\u003e function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify \u003ccode\u003etarget\u003c/code\u003e when using this feature with Node (for example \u003ccode\u003e--target=node22\u003c/code\u003e) unless you're using Node v25+.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the Go compiler from v1.23.12 to v1.25.4 (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4208\"\u003e#4208\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4311\"\u003e#4311\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis raises the operating system requirements for running esbuild:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLinux: now requires a kernel version of 3.2 or later\u003c/li\u003e\n\u003cli\u003emacOS: now requires macOS 12 (Monterey) or later\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.26.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEnable trusted publishing (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4281\"\u003e#4281\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eGitHub and npm are recommending that maintainers for packages such as esbuild switch to \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing\u003c/a\u003e. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.\u003c/p\u003e\n\u003cp\u003eUnfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2022.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2022\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).\u003c/p\u003e\n\u003ch2\u003e0.16.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eLoader defaults to \u003ccode\u003ejs\u003c/code\u003e for extensionless files (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/2776\"\u003e#2776\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCertain packages contain files without an extension. For example, the \u003ccode\u003eyargs\u003c/code\u003e package contains the file \u003ccode\u003eyargs/yargs\u003c/code\u003e which has no extension. Node, Webpack, and Parcel can all understand code that imports \u003ccode\u003eyargs/yargs\u003c/code\u003e because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCLI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eesbuild --bundle --loader:=css\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eJS:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eesbuild.build({\n  bundle: true,\n  loader: { '': 'css' },\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGo:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eapi.Build(api.BuildOptions{\n  Bundle: true,\n  Loader: map[string]api.Loader{\u0026quot;\u0026quot;: api.LoaderCSS},\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn addition, the \u003ccode\u003e\u0026quot;type\u0026quot;\u003c/code\u003e field in \u003ccode\u003epackage.json\u003c/code\u003e files now only applies to files with an explicit \u003ccode\u003e.js\u003c/code\u003e, \u003ccode\u003e.jsx\u003c/code\u003e, \u003ccode\u003e.ts\u003c/code\u003e, or \u003ccode\u003e.tsx\u003c/code\u003e extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than \u003ccode\u003e.mjs\u003c/code\u003e, \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cjs\u003c/code\u003e, or \u003ccode\u003e.cts\u003c/code\u003e including extensionless files. So for example an extensionless file in a \u003ccode\u003e\u0026quot;type\u0026quot;: \u0026quot;module\u0026quot;\u003c/code\u003e package is now treated as CommonJS instead of ESM.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.16.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid a syntax error in the presence of direct \u003ccode\u003eeval\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/2761\"\u003e#2761\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe behavior of nested \u003ccode\u003efunction\u003c/code\u003e declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested \u003ccode\u003efunction\u003c/code\u003e declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested \u003ccode\u003efunction\u003c/code\u003e declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nif (true) {\n  function foo() {}\n  console.log(!!foo)\n  foo = null\n  console.log(!!foo)\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/2b91699b74da07c2cd2361a5e63c1882575e3bf0\"\u003e\u003ccode\u003e2b91699\u003c/code\u003e\u003c/a\u003e publish 0.27.0 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/22b425c12f59964383df27362294b5f8c034bab3\"\u003e\u003ccode\u003e22b425c\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4286\"\u003e#4286\u003c/a\u003e: use \u003ccode\u003eUint8Array.fromBase64\u003c/code\u003e if present (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4295\"\u003e#4295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6d187ef4c9277939c1639ef8c036c07ff62dd33f\"\u003e\u003ccode\u003e6d187ef\u003c/code\u003e\u003c/a\u003e update go 1.25.3 =\u0026gt; 1.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9d0d4e71a23dce02d18cf91552304333c1b44cd9\"\u003e\u003ccode\u003e9d0d4e7\u003c/code\u003e\u003c/a\u003e update go 1.23.12 =\u0026gt; 1.25.3 (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4318\"\u003e#4318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/b6979d89ed4b2aed1ab58d206e65c8bd92ac7c60\"\u003e\u003ccode\u003eb6979d8\u003c/code\u003e\u003c/a\u003e use a patched go compiler for release builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/893d2b9661a62575041fa371351c422f887cc43d\"\u003e\u003ccode\u003e893d2b9\u003c/code\u003e\u003c/a\u003e delete temporary \u003ccode\u003erelease.yml\u003c/code\u003e workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/cee391852c39146334894795e658e7a9c7bc4cd8\"\u003e\u003ccode\u003ecee3918\u003c/code\u003e\u003c/a\u003e add a temporary \u003ccode\u003erelease.yml\u003c/code\u003e workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f5bb1d6ed8c86eea24cda1664ab8812d823daeca\"\u003e\u003ccode\u003ef5bb1d6\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003epublish.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/17ff82bebfaf78e97457cb504525584e603bf9f4\"\u003e\u003ccode\u003e17ff82b\u003c/code\u003e\u003c/a\u003e publish 0.26.0 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f87181fbf3eb78b6b00cf7b3529d0f6f20cd763c\"\u003e\u003ccode\u003ef87181f\u003c/code\u003e\u003c/a\u003e enable trusted publishing (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.14.47...v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.1.0 to 21.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://gith...\n\n_Description has been truncated_","html_url":"https://github.com/jianminy931020-coder/my-official-site/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jianminy931020-coder%2Fmy-official-site/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4507631910","node_id":"PR_kwDOQPm3Is7el_ZD","number":426,"state":"open","title":"chore(deps): bump file-type from 16.5.4 to 22.0.1 in /server","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T09:22:46.000Z","updated_at":"2026-05-23T09:22:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"file-type","old_version":"16.5.4","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"}],"path":"/server","ecosystem":"npm"},"body":"Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.4 to 22.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=file-type\u0026package-manager=npm_and_yarn\u0026previous-version=16.5.4\u0026new-version=22.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Sachinchaurasiya360/InternHack/pull/426","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sachinchaurasiya360%2FInternHack/issues/426","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/426/packages"},{"uuid":"4507295577","node_id":"PR_kwDOSTefEM7ek8Uz","number":4,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 5 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T10:49:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T07:20:01.000Z","updated_at":"2026-05-23T10:49:44.000Z","time_to_close":12581,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"file-type","old_version":"21.0.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"hono","old_version":"4.12.0","new_version":"4.12.22","repository_url":"https://github.com/honojs/hono"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"postcss","old_version":"8.5.4","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"undici","old_version":"7.18.2","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"uuid","old_version":"10.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@sveltejs/kit","old_version":"2.52.2","new_version":"2.61.0","repository_url":"https://github.com/sveltejs/kit"},{"name":"vite","old_version":"6.3.5","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"ws","old_version":"8.18.2","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 20 updates in the /ruflo/src/ruvocal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.0.0` | `21.3.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.22` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.4` | `8.5.15` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.24.0` |\n| [uuid](https://github.com/uuidjs/uuid) | `10.0.0` | `14.0.0` |\n| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.52.2` | `2.61.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [ws](https://github.com/websockets/ws) | `8.18.2` | `8.21.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /v2 directory: [undici](https://github.com/nodejs/undici), [fast-uri](https://github.com/fastify/fast-uri), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 1 update in the /v2/examples/05-swarm-apps/rest-api-advanced directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 5 updates in the /v2/examples/rest-api-simple directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n\nBumps the npm_and_yarn group with 2 updates in the /v3 directory: [yaml](https://github.com/eemeli/yaml) and [ws](https://github.com/websockets/ws).\n\nUpdates `file-type` from 21.0.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.0 to 4.12.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(route): preserve the base path of the mounted route() app by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4942\"\u003ehonojs/hono#4942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jsx): widen jsx and jsxFn children to Child[] by \u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.19...v4.12.20\"\u003ehttps://github.com/honojs/hono/compare/v4.12.19...v4.12.20\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a192df0844724aeaf5cbc6f1ea2f8425d3f8a86a\"\u003e\u003ccode\u003ea192df0\u003c/code\u003e\u003c/a\u003e fix(mime): specify charset parameter per MIME type instead of mechanical dete...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf6ef7056a59acdc5cd2eacdca201147885d3e54\"\u003e\u003ccode\u003ecf6ef70\u003c/code\u003e\u003c/a\u003e chore: update vitest to v4 and cleanups (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4952\"\u003e#4952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a83ddb882e0c0b8c336050dba087bb2e1b12488e\"\u003e\u003ccode\u003ea83ddb8\u003c/code\u003e\u003c/a\u003e 4.12.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1\"\u003e\u003ccode\u003e6cbb025\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c831020fb1fa2e929d222f6c84e1abfe013e512b\"\u003e\u003ccode\u003ec831020\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d\"\u003e\u003ccode\u003e905aedb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.0...v4.12.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 9.0.5 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v9.0.5...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.4 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.4...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.18.2 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.18.2...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 10.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v10.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sveltejs/kit` from 2.52.2 to 2.61.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/kit/releases\"\u003e@​sveltejs/kit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​sveltejs/kit\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.61.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking: the \u003ccode\u003e.run()\u003c/code\u003e method has been removed from remote queries on both the client and the server. Use \u003ccode\u003eawait query()\u003c/code\u003e directly instead — it now works everywhere (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: live query instances are now themselves async-iterable (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15878\"\u003e#15878\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: add programmatic \u003ccode\u003esubmit\u003c/code\u003e method to \u003ccode\u003eform\u003c/code\u003e remote function instances (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: pass \u003ccode\u003eform\u003c/code\u003e remote function instance into \u003ccode\u003eenhance\u003c/code\u003e callback (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve the app payload without using \u003ccode\u003eprocess.env.NODE_ENV\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15852\"\u003e#15852\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: support \u003ccode\u003eexactOptionalPropertyTypes\u003c/code\u003e for optional route params (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15825\"\u003e#15825\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly send \u003ccode\u003etrue\u003c/code\u003e value to the server for 'submit' and 'hidden' form fields (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15858\"\u003e#15858\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid build warnings about undefined universal hooks (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15895\"\u003e#15895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: prefer default error page when failing to decode the URL pathname (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15744\"\u003e#15744\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disable link prefetching on slow internet connections (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15885\"\u003e#15885\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow routes ending with optional parameters next to more specific routes (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15861\"\u003e#15861\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15796\"\u003e#15796\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​sveltejs/kit\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.60.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump \u003ccode\u003esvelte\u003c/code\u003e and \u003ccode\u003edevalue\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15836\"\u003e#15836\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent \u003ccode\u003equery.batch\u003c/code\u003e cross-talk (\u003ca href=\"https://github.com/sveltejs/kit/commit/dadaefc2e647a0a62f49f3ee8bc7aa46f5e27056\"\u003e\u003ccode\u003edadaefc\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md\"\u003e@​sveltejs/kit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.61.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking: the \u003ccode\u003e.run()\u003c/code\u003e method has been removed from remote queries on both the client and the server. Use \u003ccode\u003eawait query()\u003c/code\u003e directly instead — it now works everywhere (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: live query instances are now themselves async-iterable (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15878\"\u003e#15878\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: add programmatic \u003ccode\u003esubmit\u003c/code\u003e method to \u003ccode\u003eform\u003c/code\u003e remote function instances (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: pass \u003ccode\u003eform\u003c/code\u003e remote function instance into \u003ccode\u003eenhance\u003c/code\u003e callback (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve the app payload without using \u003ccode\u003eprocess.env.NODE_ENV\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15852\"\u003e#15852\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: support \u003ccode\u003eexactOptionalPropertyTypes\u003c/code\u003e for optional route params (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15825\"\u003e#15825\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly send \u003ccode\u003etrue\u003c/code\u003e value to the server for 'submit' and 'hidden' form fields (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15858\"\u003e#15858\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid build warnings about undefined universal hooks (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15895\"\u003e#15895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: prefer default error page when failing to decode the URL pathname (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15744\"\u003e#15744\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disable link prefetching on slow internet connections (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15885\"\u003e#15885\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow routes ending with optional parameters next to more specific routes (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15861\"\u003e#15861\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15796\"\u003e#15796\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.60.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump \u003ccode\u003esvelte\u003c/code\u003e and \u003ccode\u003edevalue\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15836\"\u003e#15836\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/4f961ab2d89249a7be62c29116c55cda7f551e16\"\u003e\u003ccode\u003e4f961ab\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15853\"\u003e#15853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/1817da0a8028e0c0980b9e47afb5dab464b26132\"\u003e\u003ccode\u003e1817da0\u003c/code\u003e\u003c/a\u003e fix: support \u003ccode\u003eexactOptionalPropertyTypes\u003c/code\u003e for optional route params (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15825\"\u003e#15825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/8feb2af890fc0ee7db34d6d23c74b6a2d0b72567\"\u003e\u003ccode\u003e8feb2af\u003c/code\u003e\u003c/a\u003e chore: dedupe replacer code (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15877\"\u003e#15877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/95ca921c82837bb55373f91b9a90d76854c90e89\"\u003e\u003ccode\u003e95ca921\u003c/code\u003e\u003c/a\u003e fix: remove Content-Length dependency in binary form deserialization (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15796\"\u003e#15796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/e75024c9fbc240e83b10c0cdabc2f542c71ab846\"\u003e\u003ccode\u003ee75024c\u003c/code\u003e\u003c/a\u003e feat: LiveQuery self-iterability (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15878\"\u003e#15878\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/0cc67d9201a36ba3786a234f322f6fdd341619ea\"\u003e\u003ccode\u003e0cc67d9\u003c/code\u003e\u003c/a\u003e fix: avoid build warnings about undefined hooks on Windows (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15895\"\u003e#15895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/1949057b0d658b458ad519713818d450d123c3ae\"\u003e\u003ccode\u003e1949057\u003c/code\u003e\u003c/a\u003e chore(prefetch): disable link prefetching on slow internet connections (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15885\"\u003e#15885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/69b5787a41b2c60bab944430c43484cf3375459e\"\u003e\u003ccode\u003e69b5787\u003c/code\u003e\u003c/a\u003e fix: prefer the default error page when failing to decode the URL pathname (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/e4c844830a8acd237f9c78e6c8a55badac555fb7\"\u003e\u003ccode\u003ee4c8448\u003c/code\u003e\u003c/a\u003e feat: Isomorphic caching for queries (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15779\"\u003e#15779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/81de68d02e56ed6d64d82aa055569090a8fd2cc8\"\u003e\u003ccode\u003e81de68d\u003c/code\u003e\u003c/a\u003e chore: remove unnecessary arg in \u003ccode\u003ebuild_server.js\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15850\"\u003e#15850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.61.0/packages/kit\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.5 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=...\n\n_Description has been truncated_","html_url":"https://github.com/michaelhughes2501/ruflo/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelhughes2501%2Fruflo/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4498947752","node_id":"PR_kwDONiT-TM7eKI6p","number":1,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript","packages/backend","packages/frontend"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T01:05:34.000Z","updated_at":"2026-05-22T01:07:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"vite","old_version":"7.2.2","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@fastify/express","old_version":"4.0.2","new_version":"4.0.5","repository_url":"https://github.com/fastify/fastify-express"},{"name":"@fastify/static","old_version":"8.3.0","new_version":"9.1.1","repository_url":"https://github.com/fastify/fastify-static"},{"name":"@nestjs/core","old_version":"11.1.9","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"fastify","old_version":"5.6.2","new_version":"5.8.5","repository_url":"https://github.com/fastify/fastify"},{"name":"file-type","old_version":"21.1.1","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"happy-dom","old_version":"20.0.10","new_version":"20.8.9","repository_url":"https://github.com/capricorn86/happy-dom"},{"name":"jsrsasign","old_version":"11.1.0","new_version":"11.1.1","repository_url":"https://github.com/kjur/jsrsasign"},{"name":"nodemailer","old_version":"7.0.10","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"rollup","old_version":"4.53.3","new_version":"4.59.0","repository_url":"https://github.com/rollup/rollup"},{"name":"systeminformation","old_version":"5.27.11","new_version":"5.31.6","repository_url":"https://github.com/sebhildebrandt/systeminformation"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"ws","old_version":"8.18.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@xmldom/xmldom","old_version":"0.9.8","new_version":"0.9.10","repository_url":"https://github.com/xmldom/xmldom"},{"name":"axios","old_version":"0.24.0","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.2.5","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"immutable","old_version":"5.1.4","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"picomatch","old_version":"2.3.1","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"svgo","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/svg/svgo"},{"name":"undici","old_version":"5.29.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /scripts/changelog-checker directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [rollup](https://github.com/rollup/rollup) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 26 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.2` |\n| [@fastify/express](https://github.com/fastify/fastify-express) | `4.0.2` | `4.0.5` |\n| [@fastify/static](https://github.com/fastify/fastify-static) | `8.3.0` | `9.1.1` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.9` | `11.1.18` |\n| [fastify](https://github.com/fastify/fastify) | `5.6.2` | `5.8.5` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.1.1` | `21.3.2` |\n| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.10` | `20.8.9` |\n| [jsrsasign](https://github.com/kjur/jsrsasign) | `11.1.0` | `11.1.1` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.10` | `8.0.5` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.3` | `4.59.0` |\n| [systeminformation](https://github.com/sebhildebrandt/systeminformation) | `5.27.11` | `5.31.6` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.11` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.20.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.9.8` | `0.9.10` |\n| [axios](https://github.com/axios/axios) | `0.24.0` | `1.16.1` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.2.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.4` | `5.1.5` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |\n| [svgo](https://github.com/svg/svgo) | `4.0.0` | `4.0.1` |\n| [undici](https://github.com/nodejs/undici) | `5.29.0` | `7.25.0` |\n\n\nUpdates `vite` from 7.2.2 to 7.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.53.3 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6360\"\u003e#6360\u003c/a\u003e: fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://github.com/tariqrafique\"\u003e\u003ccode\u003e@​tariqrafique\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6364\"\u003e#6364\u003c/a\u003e: chore(deps): update msys2/setup-msys2 digest to e989830 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6365\"\u003e#6365\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6366\"\u003e#6366\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6367\"\u003e#6367\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6368\"\u003e#6368\u003c/a\u003e: docs: add missing backticks in \u003ccode\u003eplugin-development\u003c/code\u003e (\u003ca href=\"https://github.com/lumirlumir\"\u003e\u003ccode\u003e@​lumirlumir\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d311a84b0bb4d4a6f50d19ffd2c29cca28660c88\"\u003e\u003ccode\u003ed311a84\u003c/code\u003e\u003c/a\u003e 4.60.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/6aa324854482e273b711972955d2d1b3bb445bcc\"\u003e\u003ccode\u003e6aa3248\u003c/code\u003e\u003c/a\u003e fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/82a0fe76b1372a2cf509fc4067d69f25569b83f5\"\u003e\u003ccode\u003e82a0fe7\u003c/code\u003e\u003c/a\u003e Resolve vulnerabilities (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6375\"\u003e#6375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71f5ebc893d7ff76b5571d63b04ea2ed4a4ddd9d\"\u003e\u003ccode\u003e71f5ebc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6371\"\u003e#6371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/af91d778cdf564dd1ae1bfd6e92604ec031824a7\"\u003e\u003ccode\u003eaf91d77\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6373\"\u003e#6373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/65e7b94ddda9f02334fa8f12ff6bf699c1f07833\"\u003e\u003ccode\u003e65e7b94\u003c/code\u003e\u003c/a\u003e chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6372\"\u003e#6372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/642587f3d9c5b4aa482a5027672f0fa8ea76da12\"\u003e\u003ccode\u003e642587f\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6370\"\u003e#6370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b47bdabeccbb7aa1b1d4117f2f4a781a9f6de297\"\u003e\u003ccode\u003eb47bdab\u003c/code\u003e\u003c/a\u003e 4.60.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/15c5f33083c8c6b1b2cbae548124fffbba2553bb\"\u003e\u003ccode\u003e15c5f33\u003c/code\u003e\u003c/a\u003e Add again some unneeded dev dependencies, to make some builds succeed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/12195dcebbd21f0f2d91e26720cd053526edbfe3\"\u003e\u003ccode\u003e12195dc\u003c/code\u003e\u003c/a\u003e fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.53.3...v4.60.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.2 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@fastify/express` from 4.0.2 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify-express/releases\"\u003e@​fastify/express's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33807 \u003ca href=\"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c\"\u003ehttps://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c\u003c/a\u003e.\nThis fixes CVE CVE-2026-33808 \u003ca href=\"https://github.com/fastify/fastify-express/security/advisories/GHSA-6hw5-45gm-fj88\"\u003ehttps://github.com/fastify/fastify-express/security/advisories/GHSA-6hw5-45gm-fj88\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump express from 4.22.1 to 5.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/179\"\u003efastify/fastify-express#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove stale.yml by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/181\"\u003efastify/fastify-express#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump c8 from 10.1.3 to 11.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/183\"\u003efastify/fastify-express#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/182\"\u003efastify/fastify-express#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/185\"\u003efastify/fastify-express#185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/187\"\u003efastify/fastify-express#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/188\"\u003efastify/fastify-express#188\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/181\"\u003efastify/fastify-express#181\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-express/compare/v4.0.4...v4.0.5\"\u003ehttps://github.com/fastify/fastify-express/compare/v4.0.4...v4.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: decode url with query params by \u003ca href=\"https://github.com/nolway\"\u003e\u003ccode\u003e@​nolway\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/178\"\u003efastify/fastify-express#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nolway\"\u003e\u003ccode\u003e@​nolway\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/178\"\u003efastify/fastify-express#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-express/compare/v4.0.3...v4.0.4\"\u003ehttps://github.com/fastify/fastify-express/compare/v4.0.3...v4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(dependabot): reduce npm updates to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/157\"\u003efastify/fastify-express#157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: rename master to main by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/158\"\u003efastify/fastify-express#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: migrate to node test runner by \u003ca href=\"https://github.com/ilteoood\"\u003e\u003ccode\u003e@​ilteoood\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/159\"\u003efastify/fastify-express#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/161\"\u003efastify/fastify-express#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(readme): update plugin version syntax by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/162\"\u003efastify/fastify-express#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/163\"\u003efastify/fastify-express#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/164\"\u003efastify/fastify-express#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump express from 4.21.2 to 5.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/166\"\u003efastify/fastify-express#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump serve-static from 1.16.2 to 2.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/165\"\u003efastify/fastify-express#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/168\"\u003efastify/fastify-express#168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): update date ranges; standardise style by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/169\"\u003efastify/fastify-express#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/171\"\u003efastify/fastify-express#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/172\"\u003efastify/fastify-express#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/170\"\u003efastify/fastify-express#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: decode paths before matching by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/174\"\u003efastify/fastify-express#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore express4 by \u003ca href=\"https://github.com/Eomm\"\u003e\u003ccode\u003e@​Eomm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/176\"\u003efastify/fastify-express#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ilteoood\"\u003e\u003ccode\u003e@​ilteoood\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/159\"\u003efastify/fastify-express#159\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/f52f4476cbd874a9526027082b9e075d3bff63ac\"\u003e\u003ccode\u003ef52f447\u003c/code\u003e\u003c/a\u003e Bumped v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/c4e49b5244fcfadb38dc08e9b1808c5d759021a2\"\u003e\u003ccode\u003ec4e49b5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/674020f27ddc1d1709e4369cb40158d4c958d42b\"\u003e\u003ccode\u003e674020f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/96eb39be998436e639401ce763941a919145b8ad\"\u003e\u003ccode\u003e96eb39b\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/188\"\u003e#188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/65ddc99fba34f9f1561435daa08dd654f126bd46\"\u003e\u003ccode\u003e65ddc99\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/187\"\u003e#187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/2746f1f040a9b57b24481d4e0dbbedbf05ca234e\"\u003e\u003ccode\u003e2746f1f\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/cce14b12102da13f84cedf21cdf18b2ac75676e7\"\u003e\u003ccode\u003ecce14b1\u003c/code\u003e\u003c/a\u003e chore(license): standardise license notice (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/182\"\u003e#182\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/70a809411d0f4d4b4a0993c45bd9881e0b427847\"\u003e\u003ccode\u003e70a8094\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump c8 from 10.1.3 to 11.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/183\"\u003e#183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/6f627c610007c0985d9af80f8dff072b9d21ee37\"\u003e\u003ccode\u003e6f627c6\u003c/code\u003e\u003c/a\u003e ci: remove stale.yml (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/181\"\u003e#181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/fa4a726d0be418a1ce2ee7abe88250cce8213ea4\"\u003e\u003ccode\u003efa4a726\u003c/code\u003e\u003c/a\u003e build(deps): bump express from 4.22.1 to 5.2.1 (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/179\"\u003e#179\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify-express/compare/v4.0.2...v4.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~climba03003\"\u003eclimba03003\u003c/a\u003e, a new releaser for \u003ccode\u003e@​fastify/express\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@fastify/static` from 8.3.0 to 9.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify-static/releases\"\u003e@​fastify/static's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-6410 \u003ca href=\"https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h\"\u003ehttps://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h\u003c/a\u003e.\nThis fixes CVE CVE-2026-6414 \u003ca href=\"https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92\"\u003ehttps://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/570\"\u003efastify/fastify-static#570\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1\"\u003ehttps://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev9.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.4 to 25.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/552\"\u003efastify/fastify-static#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: move ignoreTrailingSlash under routerOptions by \u003ca href=\"https://github.com/lraveri\"\u003e\u003ccode\u003e@​lraveri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/553\"\u003efastify/fastify-static#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump borp from 0.20.2 to 0.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/543\"\u003efastify/fastify-static#543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump pino and borp dependencies, delete stale.yml by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/557\"\u003efastify/fastify-static#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update syntax typescript by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/558\"\u003efastify/fastify-static#558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/560\"\u003efastify/fastify-static#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: sendFile ignoring option overrides in some cases by \u003ca href=\"https://github.com/bakugo\"\u003e\u003ccode\u003e@​bakugo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/559\"\u003efastify/fastify-static#559\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade c8 to v11.0.0 and improvements test by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/564\"\u003efastify/fastify-static#564\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/566\"\u003efastify/fastify-static#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lraveri\"\u003e\u003ccode\u003e@​lraveri\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/553\"\u003efastify/fastify-static#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/557\"\u003efastify/fastify-static#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bakugo\"\u003e\u003ccode\u003e@​bakugo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/559\"\u003efastify/fastify-static#559\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0\"\u003ehttps://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump content-disposition from 0.5.4 to 1.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/547\"\u003efastify/fastify-static#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate glob@13 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/550\"\u003efastify/fastify-static#550\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-static/compare/v8.3.0...v9.0.0\"\u003ehttps://github.com/fastify/fastify-static/compare/v8.3.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/48b136f5d8da0efea328f49f6202ab3edabf608b\"\u003e\u003ccode\u003e48b136f\u003c/code\u003e\u003c/a\u003e Bumped v9.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/cc7b7f7e00a5f028599ba17392b831afd0c651aa\"\u003e\u003ccode\u003ecc7b7f7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/9921faa7ffe4931f4bbd2d1a8b6d90e720081856\"\u003e\u003ccode\u003e9921faa\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/4183d2d8dd52b11c27f7adc22abb8d2531ad4a02\"\u003e\u003ccode\u003e4183d2d\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/570\"\u003e#570\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/a3a8cd6c7a5b0937d7ad939564991c284f09754a\"\u003e\u003ccode\u003ea3a8cd6\u003c/code\u003e\u003c/a\u003e Bumped v9.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/8423c80016917b40a3e42c38fd55070a89d1b9b8\"\u003e\u003ccode\u003e8423c80\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/566\"\u003e#566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/475dce148995ac754a8cb344bad63c8cbd6517d2\"\u003e\u003ccode\u003e475dce1\u003c/code\u003e\u003c/a\u003e chore: upgrade c8 to v11.0.0 and improvements test (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/3ff0f39b94da96f42a88ed57c554abc8381806c3\"\u003e\u003ccode\u003e3ff0f39\u003c/code\u003e\u003c/a\u003e fix: sendFile ignoring option overrides in some cases (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/663baa7da61ff69115995baf59efba6396d814a8\"\u003e\u003ccode\u003e663baa7\u003c/code\u003e\u003c/a\u003e chore(license): standardise license notice (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/560\"\u003e#560\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/51bb66e88667850ff5e8f4e9a27ebbf8c5b7bbad\"\u003e\u003ccode\u003e51bb66e\u003c/code\u003e\u003c/a\u003e chore: update syntax typescript (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify-static/compare/v8.3.0...v9.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.9 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastify` from 5.6.2 to 5.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify/releases\"\u003efastify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33806 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Fix port parsing by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6603\"\u003efastify/fastify#6603\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade to typescript v6.0.2 by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6605\"\u003efastify/fastify#6605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore trustProxy function for number and string types, add null check for socketAddr by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6613\"\u003efastify/fastify#6613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reduce cron scheduled workflows from daily/weekly to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6623\"\u003efastify/fastify#6623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6629\"\u003efastify/fastify#6629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6632\"\u003efastify/fastify#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump borp from 0.21.0 to 1.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6633\"\u003efastify/fastify#6633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6630\"\u003efastify/fastify#6630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e by \u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/towan912/misskey/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/towan912%2Fmisskey/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4498791047","node_id":"PR_kwDOSkcNvs7eJp52","number":4,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T00:24:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T00:23:54.000Z","updated_at":"2026-05-22T00:24:28.000Z","time_to_close":32,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"dottie","old_version":"2.0.6","new_version":"2.0.7","repository_url":"https://github.com/mickhansen/dottie.js"},{"name":"file-type","old_version":"16.5.4","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"multer","old_version":"1.4.5-lts.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"sanitize-html","old_version":"1.4.2","new_version":"2.12.1","repository_url":"https://github.com/apostrophecms/apostrophe"},{"name":"sequelize","old_version":"6.37.7","new_version":"6.37.8","repository_url":"https://github.com/sequelize/sequelize"},{"name":"socket.io","old_version":"3.1.2","new_version":"4.6.2","repository_url":"https://github.com/socketio/socket.io"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"braces","old_version":"2.3.2","new_version":"removed","repository_url":"https://github.com/micromatch/braces"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"cookie","old_version":"0.4.2","new_version":"0.7.2","repository_url":"https://github.com/jshttp/cookie"},{"name":"crypto-js","old_version":"3.3.0","new_version":"removed","repository_url":"https://github.com/brix/crypto-js"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"diff","old_version":"5.0.0","new_version":"5.2.2","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dottie](https://github.com/mickhansen/dottie.js) | `2.0.6` | `2.0.7` |\n| [file-type](https://github.com/sindresorhus/file-type) | `16.5.4` | `21.3.2` |\n| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.2` | `2.1.1` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `1.4.2` | `2.12.1` |\n| [sequelize](https://github.com/sequelize/sequelize) | `6.37.7` | `6.37.8` |\n| [socket.io](https://github.com/socketio/socket.io) | `3.1.2` | `4.6.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `2.1.0` |\n| [braces](https://github.com/micromatch/braces) | `2.3.2` | `removed` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` |\n| [crypto-js](https://github.com/brix/crypto-js) | `3.3.0` | `removed` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [diff](https://github.com/kpdecker/jsdiff) | `5.0.0` | `5.2.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n\n\nUpdates `dottie` from 2.0.6 to 2.0.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickhansen/dottie.js/commit/334c32b80ed536522b567ee6a844caf8e5fef9c3\"\u003e\u003ccode\u003e334c32b\u003c/code\u003e\u003c/a\u003e 2.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickhansen/dottie.js/commit/7e8fa1345a4b46325f0eab8d7aeb1c4deaefdb14\"\u003e\u003ccode\u003e7e8fa13\u003c/code\u003e\u003c/a\u003e fix: check all path segments for dangerous keys (bypass of CVE-2023-2… (\u003ca href=\"https://redirect.github.com/mickhansen/dottie.js/issues/43\"\u003e#43\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickhansen/dottie.js/commit/a72eb993212939d60a2801843ce3e968dfc5c6a6\"\u003e\u003ccode\u003ea72eb99\u003c/code\u003e\u003c/a\u003e Update test GitHub Action (\u003ca href=\"https://redirect.github.com/mickhansen/dottie.js/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mickhansen/dottie.js/compare/v2.0.6...v2.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 16.5.4 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 1.4.5-lts.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-7338\"\u003eCVE-2025-7338\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p\"\u003eGHSA-fjgf-rc76-4x9p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-48997\"\u003eCVE-2025-48997\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg\"\u003eGHSA-g5hg-p3ph-g8qg\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change: The minimum supported Node version is now 10.16.0\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-47935\"\u003eCVE-2025-47935\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5\"\u003eGHSA-44fp-w29j-9vj5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-47944\"\u003eCVE-2025-47944\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h\"\u003eGHSA-4pg4-qvpc-4q3h\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/c496e931263a901ccfc0821ac21768ac23786f77\"\u003e\u003ccode\u003ec496e93\u003c/code\u003e\u003c/a\u003e chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1377\"\u003e#1377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/fa173d30d01f4e18a8be74570b2770c7230b8b05\"\u003e\u003ccode\u003efa173d3\u003c/code\u003e\u003c/a\u003e chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/17d7f5193a237ebfd4c19274c7a6729538b4a9a0\"\u003e\u003ccode\u003e17d7f51\u003c/code\u003e\u003c/a\u003e chore: add node version to 25.x in CI\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/multer/compare/v1.4.5-lts.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for multer since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sanitize-html` from 1.4.2 to 2.12.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md\"\u003esanitize-html's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.12.1 (2024-02-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not parse sourcemaps in \u003ccode\u003epost-css\u003c/code\u003e. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the \u003ccode\u003estyle\u003c/code\u003e attribute is allowed by the configuration. Thanks to the \u003ca href=\"https://snyk.io/\"\u003eSnyk Security team\u003c/a\u003e for the disclosure and to \u003ca href=\"https://dylan.is/\"\u003eDylan Armstrong\u003c/a\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.12.0 (2024-02-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eIntroduced the \u003ccode\u003eallowedEmptyAttributes\u003c/code\u003e option, enabling explicit specification of empty string values for select attributes, with the default attribute set to \u003ccode\u003ealt\u003c/code\u003e. Thanks to \u003ca href=\"https://github.com/zhna123\"\u003eNa\u003c/a\u003e for the contribution.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClarified the use of SVGs with a new test and changes to documentation. Thanks to \u003ca href=\"https://github.com/gkumar9891\"\u003eGauav Kumar\u003c/a\u003e for the contribution.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not process source maps when processing style tags with PostCSS.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.11.0 (2023-06-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix to allow \u003ccode\u003efalse\u003c/code\u003e in \u003ccode\u003eallowedClasses\u003c/code\u003e attributes. Thanks to \u003ca href=\"https://github.com/KevinSJ\"\u003eKevin Jiang\u003c/a\u003e for this fix!\u003c/li\u003e\n\u003cli\u003eUpgrade mocha version\u003c/li\u003e\n\u003cli\u003eApply small linter fixes in tests\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e.idea\u003c/code\u003e temp files to \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThanks to \u003ca href=\"https://github.com/VitaliiShpital\"\u003eVitalii Shpital\u003c/a\u003e for the updates!\u003c/li\u003e\n\u003cli\u003eShow parseStyleAttributes warning in browser only. Thanks to \u003ca href=\"https://github.com/mog422\"\u003emog422\u003c/a\u003e for this update!\u003c/li\u003e\n\u003cli\u003eRemove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. \u003ca href=\"https://github.com/dylanarmstrong\"\u003eThanks to Dylan Armstrong\u003c/a\u003e for this update!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.10.0 (2023-02-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when \u003ccode\u003edisallowedTagMode\u003c/code\u003e is set to any variant of \u003ccode\u003eescape\u003c/code\u003e -- just escape the disallowed tags that are present. This fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/464\"\u003e#464\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/464\"\u003eapostrophecms/sanitize-html#464\u003c/a\u003e). Thanks to \u003ca href=\"https://github.com/dliebner\"\u003eDaniel Liebner\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etagAllowed()\u003c/code\u003e helper function which takes a tag name and checks it against \u003ccode\u003eoptions.allowedTags\u003c/code\u003e and returns \u003ccode\u003etrue\u003c/code\u003e if the tag is allowed and \u003ccode\u003efalse\u003c/code\u003e if it is not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.0 (2023-01-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option parseStyleAttributes to skip style parsing. This fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/547\"\u003e#547\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/547\"\u003eapostrophecms/sanitize-html#547\u003c/a\u003e). Thanks to \u003ca href=\"https://github.com/bertyhell\"\u003eBert Verhelst\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.1 (2022-12-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIf the argument is a number, convert it to a string, for backwards compatibility. Thanks to \u003ca href=\"https://github.com/alexander-schranz\"\u003eAlexander Schranz\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.0 (2022-12-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrades \u003ccode\u003ehtmlparser2\u003c/code\u003e to new major version \u003ccode\u003e^8.0.0\u003c/code\u003e. Thanks to \u003ca href=\"https://github.com/kedarchandrayan\"\u003eKedar Chandrayan\u003c/a\u003e for this contribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.3 (2022-10-24)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIf allowedTags is falsy but not exactly \u003ccode\u003efalse\u003c/code\u003e, then do not assume that all tags are allowed. Rather, allow no tags in this case, to be on the safe side. This matches the existing documentation and fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/176\"\u003e#176\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/176\"\u003eapostrophecms/sanitize-html#176\u003c/a\u003e). Thanks to \u003ca href=\"https://github.com/kedarchandrayan\"\u003eKedar Chandrayan\u003c/a\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.2 (2022-09-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClosing tags must agree with opening tags. This fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/549\"\u003e#549\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/549\"\u003eapostrophecms/sanitize-html#549\u003c/a\u003e), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to\n\u003ca href=\"https://github.com/kedarchandrayan\"\u003eKedar Chandrayan\u003c/a\u003e for the report and the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.1 (2022-07-20)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/apostrophecms/apostrophe/commits/2.12.1/packages/sanitize-html\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sequelize` from 6.37.7 to 6.37.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sequelize/sequelize/releases\"\u003esequelize's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.37.8\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/sequelize/sequelize/compare/v6.37.7...v6.37.8\"\u003e6.37.8\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eSecurity improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003evalidate cast types in JSON where clauses (\u003ca href=\"https://github.com/sequelize/sequelize/commit/b1475280b82159c11b829b43568da370f598a9e4\"\u003eb147528\u003c/a\u003e) (\u003ca href=\"https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr\"\u003eCVE-2026-30951\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sequelize/sequelize/commit/cb7f99ad05de56137672ab95586359ff6ceba004\"\u003e\u003ccode\u003ecb7f99a\u003c/code\u003e\u003c/a\u003e fix: validate cast types in JSON where clauses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sequelize/sequelize/commit/b1475280b82159c11b829b43568da370f598a9e4\"\u003e\u003ccode\u003eb147528\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sequelize/sequelize/commit/4b8b5b94a09220f7aae1e96d6d19ff65695fc100\"\u003e\u003ccode\u003e4b8b5b9\u003c/code\u003e\u003c/a\u003e meta: Fix MSSQL CI (\u003ca href=\"https://redirect.github.com/sequelize/sequelize/issues/17931\"\u003e#17931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sequelize/sequelize/compare/v6.37.7...v6.37.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~wikirik\"\u003ewikirik\u003c/a\u003e, a new releaser for sequelize since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io` from 3.1.2 to 4.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@3.4.4\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4\"\u003e719f9eb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@3.3.5\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf\"\u003e9d39f1f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/blob/4.6.2/CHANGELOG.md\"\u003esocket.io's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/socketio/socket.io/compare/4.6.1...4.6.2\"\u003e4.6.2\u003c/a\u003e (2023-05-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eexports:\u003c/strong\u003e move \u003ccode\u003etypes\u003c/code\u003e condition to the top (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4698\"\u003e#4698\u003c/a\u003e) (\u003ca href=\"https://github.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e\"\u003e3d44aae\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/engine.io/releases/tag/6.4.0\"\u003e\u003ccode\u003eengine.io@~6.4.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/releases/tag/8.11.0\"\u003e\u003ccode\u003ews@~8.11.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/socketio/socket.io/compare/4.6.0...4.6.1\"\u003e4.6.1\u003c/a\u003e (2023-02-20)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eproperly handle manually created dynamic namespaces (\u003ca href=\"https://github.com/socketio/socket.io/commit/0d0a7a22b5ff95f864216c529114b7dd41738d1e\"\u003e0d0a7a2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etypes:\u003c/strong\u003e fix nodenext module resolution compatibility (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4625\"\u003e#4625\u003c/a\u003e) (\u003ca href=\"https://github.com/socketio/socket.io/commit/d0b22c630208669aceb7ae013180c99ef90279b0\"\u003ed0b22c6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/engine.io/releases/tag/6.4.0\"\u003e\u003ccode\u003eengine.io@~6.4.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/releases/tag/8.11.0\"\u003e\u003ccode\u003ews@~8.11.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/socketio/socket.io/compare/4.5.4...4.6.0\"\u003e4.6.0\u003c/a\u003e (2023-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd timeout method to remote socket (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4558\"\u003e#4558\u003c/a\u003e) (\u003ca href=\"https://github.com/socketio/socket.io/commit/0c0eb0016317218c2be3641e706cfaa9bea39a2d\"\u003e0c0eb00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etypings:\u003c/strong\u003e properly type emits with timeout (\u003ca href=\"https://github.com/socketio/socket.io/commit/f3ada7d8ccc02eeced2b9b9ac8e4bc921eb630d2\"\u003ef3ada7d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003ch4\u003ePromise-based acknowledgements\u003c/h4\u003e\n\u003cp\u003eThis commit adds some syntactic sugar around acknowledgements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eemitWithAck()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003etry {\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/faf914c9ab3e06a6e84fc91774a4182e58f8ae70\"\u003e\u003ccode\u003efaf914c\u003c/code\u003e\u003c/a\u003e chore(release): 4.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115\"\u003e\u003ccode\u003e15af22f\u003c/code\u003e\u003c/a\u003e refactor: add a noop handler for the error event\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d3658944e562e538db094ef298d274821984dea2\"\u003e\u003ccode\u003ed365894\u003c/code\u003e\u003c/a\u003e chore: bump socket.io-parser to version 4.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/12b0de4f524083c31b613ce33e4fd9f8d313f434\"\u003e\u003ccode\u003e12b0de4\u003c/code\u003e\u003c/a\u003e chore: bump engine.io to version 6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e\"\u003e\u003ccode\u003e3d44aae\u003c/code\u003e\u003c/a\u003e fix(exports): move \u003ccode\u003etypes\u003c/code\u003e condition to the top (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4698\"\u003e#4698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/cbf0362476a23a573233369f1119f7e305539336\"\u003e\u003ccode\u003ecbf0362\u003c/code\u003e\u003c/a\u003e docs(examples): bump dependencies for the private messaging example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/59280da20b5ab6509bafb87793cc0077d60d9c27\"\u003e\u003ccode\u003e59280da\u003c/code\u003e\u003c/a\u003e docs(examples): update examples to docker compose v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/50a4d37cb82f2a14e058ae5a3038ee25796c2121\"\u003e\u003ccode\u003e50a4d37\u003c/code\u003e\u003c/a\u003e docs(changelog): add version of transitive dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/6458b2bef171aa0d7dea198297608ea2ed4b1db9\"\u003e\u003ccode\u003e6458b2b\u003c/code\u003e\u003c/a\u003e docs(example): basic WebSocket-only client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/b56da8a99f4814d553064af175edcf747d5561d7\"\u003e\u003ccode\u003eb56da8a\u003c/code\u003e\u003c/a\u003e docs(examples): upgrade to React 18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/3.1.2...4.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b9c0e57027317a8d0a56a7ccee28fc478d847da2\"\u003e\u003ccode\u003eb9c0e57\u003c/code\u003e\u003c/a\u003e 2.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/4d96d7dbca632806263efb0da8d1e9d8a2143cc2\"\u003e\u003ccode\u003e4d96d7d\u003c/code\u003e\u003c/a\u003e switch to fork of matcha that works on node\u0026gt;12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `braces`\n\nUpdates `micromatch` from 3.1.10 to 4.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/releases\"\u003emicromatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.8\u003c/h2\u003e\n\u003cp\u003eUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.\u003c/p\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Update picomatch to fix regression \u003ca href=\"https://redirect.github.com/micromatch/micromatch/issues/179\"\u003e#179\u003c/a\u003e (8becb55)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce newer version of picomatch with bugfixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md\"\u003emicromatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.8] - 2024-08-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.7] - 2024-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ethis is basically v4.0.5, with some README updates\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eit is vulnerable to CVE-2024-4067\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eUpdated braces to v3.0.3 to avoid CVE-2024-4068\u003c/li\u003e\n\u003cli\u003edoes NOT break API compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.6] - 2024-05-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ehasBraces\u003c/code\u003e to check if a pattern contains braces.\u003c/li\u003e\n\u003cli\u003eFixes CVE-2024-4067\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKS API COMPATIBILITY\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eShould be labeled as a major release, but it's not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.1 - 4.0.5]\u003c/h2\u003e\n\u003ch2\u003e[4.0.0] - 2019-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onMatch\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onIgnore\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onResult\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Node.js \u0026gt;= 8.6\u003c/li\u003e\n\u003cli\u003eRemoved support for passing an array of brace patterns to \u003ccode\u003emicromatch.braces()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eTo strictly enforce closing brackets (for \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, and \u003ccode\u003e(\u003c/code\u003e), you must now use \u003ccode\u003estrictBrackets=true\u003c/code\u003e instead of \u003ccode\u003estrictErrors\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecache\u003c/code\u003e - caching and all related options and methods have been removed\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.unixify\u003c/code\u003e was renamed to \u003ccode\u003eoptions.windows\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.nodupes\u003c/code\u003e Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the \u003ccode\u003eonMatch\u003c/code\u003e, \u003ccode\u003eonResult\u003c/code\u003e and \u003ccode\u003eonIgnore\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.snapdragon\u003c/code\u003e was removed, as snapdragon is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.sourcemap\u003c/code\u003e was removed, as snapdragon is no longer used, which provided sourcemap support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0] - 2017-04-11\u003c/h2\u003e\n\u003cp\u003eComplete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003emicromatch results are directly compared to bash results\u003c/li\u003e\n\u003cli\u003ein rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results\u003c/li\u003e\n\u003cli\u003emicromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash \u0026quot;expansion\u0026quot; API.\u003c/p\u003e\n\u003cp\u003eThese sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an \u003ca href=\"https://gist.github.com/jonschlinkert/099c8914f56529f75bc757cc9e5e8e2a\"\u003eAST is created\u003c/a\u003e, then a new string is generated by the compiler.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920\"\u003e\u003ccode\u003e8bd704e\u003c/code\u003e\u003c/a\u003e 4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a\"\u003e\u003ccode\u003ea0e6841\u003c/code\u003e\u003c/a\u003e run verb to generate README documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a\"\u003e\u003ccode\u003e4ec2884\u003c/code\u003e\u003c/a\u003e Merge branch 'v4' into hauserkristof-feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\"\u003e\u003ccode\u003e03aa805\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/micromatch/issues/266\"\u003e#266\u003c/a\u003e from hauserkristof/feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8\"\u003e\u003ccode\u003e814f5f7\u003c/code\u003e\u003c/a\u003e lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae\"\u003e\u003ccode\u003e67fcce6\u003c/code\u003e\u003c/a\u003e fix: CHANGELOG about braces \u0026amp; CVE-2024-4068, v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30\"\u003e\u003ccode\u003e113f2e3\u003c/code\u003e\u003c/a\u003e fix: CVE numbers in CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f\"\u003e\u003ccode\u003ed9dbd9a\u003c/code\u003e\u003c/a\u003e feat: updated CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e\"\u003e\u003ccode\u003e2ab1315\u003c/code\u003e\u003c/a\u003e fix: use actions/setup-node@v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce\"\u003e\u003ccode\u003e1406ea3\u003c/code\u003e\u003c/a\u003e feat: rework test to work on macos with node 10,12 and 14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/micromatch/compare/3.1.10...4.0.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cookie` from 0.4.2 to 0.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/cookie/releases\"\u003ecookie's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)  bc38ffd\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAllow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eAlthough not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd fast path for \u003ccode\u003eserialize\u003c/code\u003e without options, use \u003ccode\u003eobj.hasOwnProperty\u003c/code\u003e when parsing (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eperf: parse cookies ~10% faster (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e by \u003ca href=\"https://github.com/kurtextrem\"\u003e\u003ccode\u003e@​kurtextrem\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/170\"\u003e#170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: narrow the validation of cookies to match RFC6265 (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/167\"\u003e#167\u003c/a\u003e by \u003ca href=\"https://github.com/bewinsnw\"\u003e\u003ccode\u003e@​bewinsnw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: add \u003ccode\u003emain\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e for rspack (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/166\"\u003e#166\u003c/a\u003e by \u003ca href=\"https://github.com/proudparrot2\"\u003e\u003ccode\u003e@​proudparrot2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\"\u003ehttps://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epartitioned\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epriority\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires\u003c/code\u003e option to reject invalid dates\u003c/li\u003e\n\u003cli\u003epref: improve default decode speed\u003c/li\u003e\n\u003cli\u003epref: remove slow string split in parse\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/d19eaa1a2bb9ca43ac0951edd852ba4e88e410e0\"\u003e\u003ccode\u003ed19eaa1\u003c/code\u003e\u003c/a\u003e 0.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/bc38ffd0eae716b199236dda061d0bdc74192dd3\"\u003e\u003ccode\u003ebc38ffd\u003c/code\u003e\u003c/a\u003e Fix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/cf4658f492c5bd96aeaf5693c3500f8495031014\"\u003e\u003ccode\u003ecf4658f\u003c/code\u003e\u003c/a\u003e 0.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e\"\u003e\u003ccode\u003e6a8b8f5\u003c/code\u003e\u003c/a\u003e Allow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/58015c0b93de0b63db245cfdc5a108e511a81ad0\"\u003e\u003ccode\u003e58015c0\u003c/code\u003e\u003c/a\u003e Remove more code and perf wins (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/ab057d6c06b94a7b1e3358e69a685ae49c97b627\"\u003e\u003ccode\u003eab057d6\u003c/code\u003e\u003c/a\u003e 0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/5f02ca87688481dbcf155e49ca8b61732f30e542\"\u003e\u003ccode\u003e5f02ca8\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/a5d591ce8447dd63821779724f96ad3c774c8579\"\u003e\u003ccode\u003ea5d591c\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/51968f94b5e820adeceef505539fa193ffe2d105\"\u003e\u003ccode\u003e51968f9\u003c/code\u003e\u003c/a\u003e Skip isNaN\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/9e7ca51ade4b325307eedd6b4dec190983e9e2cc\"\u003e\u003ccode\u003e9e7ca51\u003c/code\u003e\u003c/a\u003e perf(parse): cache length, return early (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jshttp/cookie/compare/v0.4.2...v0.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~blakeembrey\"\u003eblakeembrey\u003c/a\u003e, a new releaser for cookie since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `crypto-js`\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 5.0.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca ...\n\n_Description has been truncated_","html_url":"https://github.com/fujimakis-sss/juice-shop/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fujimakis-sss%2Fjuice-shop/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4479640634","node_id":"PR_kwDORCrDGM7dLk7y","number":16,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 26 updates","user":"dependabot[bot]","labels":["dependencies","javascript","size: XS","stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T17:40:24.000Z","updated_at":"2026-06-01T00:24:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":26,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"tar","old_version":"7.5.8","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"undici","old_version":"7.21.0","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"@opentelemetry/sdk-node","old_version":"0.211.0","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"basic-ftp","old_version":"5.1.0","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"4.0.1","new_version":"5.0.6","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"5.3.6","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"hono","old_version":"4.12.0","new_version":"4.12.21","repository_url":"https://github.com/honojs/hono"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"10.2.2","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.4","new_version":"8.0.0","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"rollup","old_version":"4.55.3","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"simple-git","old_version":"3.30.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 23 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.8` | `7.5.11` |\n| [undici](https://github.com/nodejs/undici) | `7.21.0` | `7.24.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.211.0` | `0.218.0` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.1.0` | `5.3.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `4.0.1` | `5.0.6` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.5.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.3.6` | `5.8.0` |\n| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.21` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.2.2` | `10.2.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `8.0.0` |\n| [rollup](https://github.com/rollup/rollup) | `4.55.3` | `4.60.4` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.30.0` | `3.36.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.3` |\n\nBumps the npm_and_yarn group with 1 update in the /extensions/diagnostics-otel directory: [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.8 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.8...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.211.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.211.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.211.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.211.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@protobufjs/utf8` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dcodeIO/protobuf.js/releases\"\u003e@​protobufjs/utf8's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1\"\u003e1.1.1\u003c/a\u003e (2023-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e fix relative path to Google pb files (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1859\"\u003e#1859\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2\"\u003ee42eea4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dcodeIO/protobuf.js/compare/protobufjs-cli-v1.1.0...fetch-v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.1.0 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchl...\n\n_Description has been truncated_","html_url":"https://github.com/moshehbenavraham/crocbot/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moshehbenavraham%2Fcrocbot/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4473898630","node_id":"PR_kwDOD_J6Kc7c5B02","number":1060,"state":"open","title":"chore(deps): Bump the client-prod-deps group across 1 directory with 17 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T02:17:17.000Z","updated_at":"2026-05-19T02:17:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"client-prod-deps","update_count":17,"packages":[{"name":"@capacitor/android","old_version":"7.4.4","new_version":"8.3.3","repository_url":"https://github.com/ionic-team/capacitor"},{"name":"@capacitor/core","old_version":"7.4.4","new_version":"8.3.3","repository_url":"https://github.com/ionic-team/capacitor"},{"name":"@capacitor/splash-screen","old_version":"7.0.3","new_version":"8.0.1","repository_url":"https://github.com/ionic-team/capacitor-plugins"},{"name":"@ionic/core","old_version":"8.8.1","new_version":"8.8.6","repository_url":"https://github.com/ionic-team/ionic-framework"},{"name":"@ionic/vue","old_version":"8.8.1","new_version":"8.8.6","repository_url":"https://github.com/ionic-team/ionic-framework"},{"name":"@ionic/vue-router","old_version":"8.7.17","new_version":"8.8.6","repository_url":"https://github.com/ionic-team/ionic-framework"},{"name":"@sentry/vue","old_version":"10.38.0","new_version":"10.52.0","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@zip.js/zip.js","old_version":"2.8.8","new_version":"2.8.26","repository_url":"https://github.com/gildas-lormeau/zip.js"},{"name":"axios","old_version":"1.15.0","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.4.0","new_version":"3.4.2","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"file-type","old_version":"21.3.2","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"fs-extra","old_version":"11.3.3","new_version":"11.3.5","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"pdfjs-dist","old_version":"5.4.624","new_version":"5.7.284","repository_url":"https://github.com/mozilla/pdf.js"},{"name":"vite-plugin-static-copy","old_version":"3.2.0","new_version":"4.1.0","repository_url":"https://github.com/sapphi-red/vite-plugin-static-copy"},{"name":"vue","old_version":"3.5.30","new_version":"3.5.34","repository_url":"https://github.com/vuejs/core"},{"name":"vue-i18n","old_version":"11.3.0","new_version":"11.4.2","repository_url":"https://github.com/intlify/vue-i18n"},{"name":"vue-router","old_version":"4.6.4","new_version":"5.0.6","repository_url":"https://github.com/vuejs/router"}],"path":null,"ecosystem":"npm"},"body":"Bumps the client-prod-deps group with 17 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@capacitor/android](https://github.com/ionic-team/capacitor) | `7.4.4` | `8.3.3` |\n| [@capacitor/core](https://github.com/ionic-team/capacitor) | `7.4.4` | `8.3.3` |\n| [@capacitor/splash-screen](https://github.com/ionic-team/capacitor-plugins) | `7.0.3` | `8.0.1` |\n| [@ionic/core](https://github.com/ionic-team/ionic-framework) | `8.8.1` | `8.8.6` |\n| [@ionic/vue](https://github.com/ionic-team/ionic-framework) | `8.8.1` | `8.8.6` |\n| [@ionic/vue-router](https://github.com/ionic-team/ionic-framework) | `8.7.17` | `8.8.6` |\n| [@sentry/vue](https://github.com/getsentry/sentry-javascript) | `10.38.0` | `10.52.0` |\n| [@zip.js/zip.js](https://github.com/gildas-lormeau/zip.js) | `2.8.8` | `2.8.26` |\n| [axios](https://github.com/axios/axios) | `1.15.0` | `1.16.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.0` | `3.4.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.2` | `22.0.1` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` |\n| [pdfjs-dist](https://github.com/mozilla/pdf.js) | `5.4.624` | `5.7.284` |\n| [vite-plugin-static-copy](https://github.com/sapphi-red/vite-plugin-static-copy) | `3.2.0` | `4.1.0` |\n| [vue](https://github.com/vuejs/core) | `3.5.30` | `3.5.34` |\n| [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `11.3.0` | `11.4.2` |\n| [vue-router](https://github.com/vuejs/router) | `4.6.4` | `5.0.6` |\n\n\nUpdates `@capacitor/android` from 7.4.4 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/releases\"\u003e@​capacitor/android's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md\"\u003e@​capacitor/android's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Experimental config for swift-tools-version in SPM apps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8372\"\u003e#8372\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/d2ee84f8186909b142b418c02fc19f79d3c6a6ed\"\u003ed2ee84f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e support SPM package traits in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8351\"\u003e#8351\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/27e6aa89cf22e0b1a6d46710faed9aa8899600b0\"\u003e27e6aa8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.1.0...8.2.0\"\u003e8.2.0\u003c/a\u003e (2026-03-06)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Add missing null checks in BridgeActivity (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8185\"\u003e#8185\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/bd29b9913a9279de26fc21c6cb0b93b8f5e5433a\"\u003ebd29b99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Concurrent Range Requests for assets (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8357\"\u003e#8357\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5e82c89f1bff6d0e9ccea2554007aacb920d4c58\"\u003e5e82c89\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/76ff70e0e40bbbca63c5195c572f166e5ce82089\"\u003e\u003ccode\u003e76ff70e\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003e\u003ccode\u003eb2d7719\u003c/code\u003e\u003c/a\u003e fix(cli): copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/23ad7f8a4231a3b78abec32bb67bbd0c415b5011\"\u003e\u003ccode\u003e23ad7f8\u003c/code\u003e\u003c/a\u003e Release 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003e\u003ccode\u003eb3c769e\u003c/code\u003e\u003c/a\u003e fix(cli): link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/560fd847d6d1153fd73edf9642108a57de2bd0d5\"\u003e\u003ccode\u003e560fd84\u003c/code\u003e\u003c/a\u003e docs: Update Contributing guide branches (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8425\"\u003e#8425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e\u003ccode\u003e790bd27\u003c/code\u003e\u003c/a\u003e fix(cli): generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e\u003ccode\u003e1f7e33f\u003c/code\u003e\u003c/a\u003e fix(cli): generate binaryTarget entries for custom xcframeworks in Package.sw...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e\u003ccode\u003e3232f0f\u003c/code\u003e\u003c/a\u003e fix(cli): add system framework and weak framework support in SPM Package.swif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e\u003ccode\u003e0bd0676\u003c/code\u003e\u003c/a\u003e fix(cli): add cSettings support for compiler flags in generated Package.swift...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e\u003ccode\u003e0da130e\u003c/code\u003e\u003c/a\u003e fix(cli): handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/capacitor/compare/7.4.4...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~capacitor-plugin-bot\"\u003ecapacitor-plugin-bot\u003c/a\u003e, a new releaser for \u003ccode\u003e@​capacitor/android\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@capacitor/core` from 7.4.4 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/releases\"\u003e@​capacitor/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md\"\u003e@​capacitor/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Experimental config for swift-tools-version in SPM apps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8372\"\u003e#8372\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/d2ee84f8186909b142b418c02fc19f79d3c6a6ed\"\u003ed2ee84f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e support SPM package traits in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8351\"\u003e#8351\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/27e6aa89cf22e0b1a6d46710faed9aa8899600b0\"\u003e27e6aa8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.1.0...8.2.0\"\u003e8.2.0\u003c/a\u003e (2026-03-06)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Add missing null checks in BridgeActivity (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8185\"\u003e#8185\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/bd29b9913a9279de26fc21c6cb0b93b8f5e5433a\"\u003ebd29b99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Concurrent Range Requests for assets (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8357\"\u003e#8357\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5e82c89f1bff6d0e9ccea2554007aacb920d4c58\"\u003e5e82c89\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/76ff70e0e40bbbca63c5195c572f166e5ce82089\"\u003e\u003ccode\u003e76ff70e\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003e\u003ccode\u003eb2d7719\u003c/code\u003e\u003c/a\u003e fix(cli): copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/23ad7f8a4231a3b78abec32bb67bbd0c415b5011\"\u003e\u003ccode\u003e23ad7f8\u003c/code\u003e\u003c/a\u003e Release 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003e\u003ccode\u003eb3c769e\u003c/code\u003e\u003c/a\u003e fix(cli): link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/560fd847d6d1153fd73edf9642108a57de2bd0d5\"\u003e\u003ccode\u003e560fd84\u003c/code\u003e\u003c/a\u003e docs: Update Contributing guide branches (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8425\"\u003e#8425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e\u003ccode\u003e790bd27\u003c/code\u003e\u003c/a\u003e fix(cli): generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e\u003ccode\u003e1f7e33f\u003c/code\u003e\u003c/a\u003e fix(cli): generate binaryTarget entries for custom xcframeworks in Package.sw...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e\u003ccode\u003e3232f0f\u003c/code\u003e\u003c/a\u003e fix(cli): add system framework and weak framework support in SPM Package.swif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e\u003ccode\u003e0bd0676\u003c/code\u003e\u003c/a\u003e fix(cli): add cSettings support for compiler flags in generated Package.swift...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e\u003ccode\u003e0da130e\u003c/code\u003e\u003c/a\u003e fix(cli): handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/capacitor/compare/7.4.4...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~capacitor-plugin-bot\"\u003ecapacitor-plugin-bot\u003c/a\u003e, a new releaser for \u003ccode\u003e@​capacitor/core\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@capacitor/splash-screen` from 7.0.3 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor-plugins/releases\"\u003e@​capacitor/splash-screen's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/8\"\u003e\u003ccode\u003e@​8\u003c/code\u003e\u003c/a\u003e.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@8.0.0...@capacitor/splash-screen@8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAGP 9.0 no longer supporting \u003ccode\u003eproguard-android.txt\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2468\"\u003e#2468\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/a8760a989f594bc406d0ec7da58125d17447cae4\"\u003ea8760a9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/8\"\u003e\u003ccode\u003e@​8\u003c/code\u003e\u003c/a\u003e.0.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@8.0.0-beta.0...@capacitor/splash-screen@8.0.0\"\u003e8.0.0\u003c/a\u003e (2025-12-08)\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@7.0.4...@capacitor/splash-screen@7.0.5\"\u003e7.0.5\u003c/a\u003e (2026-02-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAGP 9.0 no longer supporting \u003ccode\u003eproguard-android.txt\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2468\"\u003e#2468\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/5c3580726b7b216077d903de3546754a87588ac6\"\u003e5c35807\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@7.0.3...@capacitor/splash-screen@7.0.4\"\u003e7.0.4\u003c/a\u003e (2025-11-26)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/bf4fe8c9ace79237c048c9b5ee0ab7455042bc86\"\u003e\u003ccode\u003ebf4fe8c\u003c/code\u003e\u003c/a\u003e chore(release): publish [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/3ca026a2f730ec50ac55840cd305ead79fe7dd7e\"\u003e\u003ccode\u003e3ca026a\u003c/code\u003e\u003c/a\u003e fix(app-launcher): improvements on canOpenUrl and openUrl (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2476\"\u003e#2476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/a8760a989f594bc406d0ec7da58125d17447cae4\"\u003e\u003ccode\u003ea8760a9\u003c/code\u003e\u003c/a\u003e fix: AGP 9.0 no longer supporting \u003ccode\u003eproguard-android.txt\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2468\"\u003e#2468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/1f3e9f027a3447d10e8a037412ebaaf8bf3ee7bd\"\u003e\u003ccode\u003e1f3e9f0\u003c/code\u003e\u003c/a\u003e chore(ci): download iOS simulators (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2472\"\u003e#2472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/c1a313134c87d52e66a42e041caf2a6d74aafdab\"\u003e\u003ccode\u003ec1a3131\u003c/code\u003e\u003c/a\u003e chore(ci): remove Xcode 16 workaround (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2466\"\u003e#2466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/f0c2e127fb86e14b9f9081dcfadee3eec8a148fb\"\u003e\u003ccode\u003ef0c2e12\u003c/code\u003e\u003c/a\u003e docs(README): Fix link to \u003ccode\u003e@​capacitor/keyboard\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/c1fe5621b3b2ba57585b94d2a71491aa8bcac7eb\"\u003e\u003ccode\u003ec1fe562\u003c/code\u003e\u003c/a\u003e chore(release): publish [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/77bb93bb18ad8c41ba75ac8328d4ec03a63b2ff2\"\u003e\u003ccode\u003e77bb93b\u003c/code\u003e\u003c/a\u003e chore: Use Capacitor 8 stable version (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2452\"\u003e#2452\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/8152fc17904fd1a540fef52b027693ba46e98b58\"\u003e\u003ccode\u003e8152fc1\u003c/code\u003e\u003c/a\u003e docs(splash-screen): fix typo in README regarding Android 12 issues (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2456\"\u003e#2456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/a58d05ed9fb3226790358a4ef2ded1aae0609dc9\"\u003e\u003ccode\u003ea58d05e\u003c/code\u003e\u003c/a\u003e docs(README): Indicate that plugins are for Capacitor 8 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2453\"\u003e#2453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@7.0.3...@capacitor/splash-screen@8.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~capacitor-plugin-bot\"\u003ecapacitor-plugin-bot\u003c/a\u003e, a new releaser for \u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@ionic/core` from 8.8.1 to 8.8.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/releases\"\u003e@​ionic/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.8.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.2\"\u003e8.8.2\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eangular:\u003c/strong\u003e forward generic type parameter on ModalOptions and PopoverOptions (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31022\"\u003e#31022\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/cbfe7cce3be345eacbf9fe29e74438a927c16679\"\u003ecbfe7cc\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31012\"\u003e#31012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e re-evaluate label visibility when label is updated (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30980\"\u003e#30980\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ce83407e1debbe74f20d2d6dc2535a0ef3f974a0\"\u003ece83407\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30632\"\u003e#30632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e days keep in focus after changing the month (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31021\"\u003e#31021\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/5fdaba2b021fe8b2b43a49eae7c687544c97d502\"\u003e5fdaba2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/blob/main/CHANGELOG.md\"\u003e@​ionic/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/237c628741f368b179d61fca76a2ba14947ea811\"\u003e\u003ccode\u003e237c628\u003c/code\u003e\u003c/a\u003e v8.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e\u003ccode\u003e44be424\u003c/code\u003e\u003c/a\u003e fix(segment): segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003e\u003ccode\u003ec18502f\u003c/code\u003e\u003c/a\u003e fix(action-sheet): restore action-sheet-selected class on non-radio buttons (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/8702ab9487f0615a3e538dc0bbfd2e9884b4669c\"\u003e\u003ccode\u003e8702ab9\u003c/code\u003e\u003c/a\u003e chore(deps): update pozil/auto-assign-issue action to v3 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31094\"\u003e#31094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e\u003ccode\u003e30b479a\u003c/code\u003e\u003c/a\u003e fix(datetime): prevent hidden-state observer from tearing down ready class on...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f8977021f96da7ff75e7292b82cda2bc93e80cfd\"\u003e\u003ccode\u003ef897702\u003c/code\u003e\u003c/a\u003e chore(vercel): use absolute hrefs in preview dir indexes (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31106\"\u003e#31106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/d26017f6868b168344de0d64c63a1eea9397fee9\"\u003e\u003ccode\u003ed26017f\u003c/code\u003e\u003c/a\u003e merge release-8.8.5 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31099\"\u003e#31099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/b57075fe47215ee8648587747f031c21ba277c39\"\u003e\u003ccode\u003eb57075f\u003c/code\u003e\u003c/a\u003e chore(): update package lock files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ba8b2919adb4c4edd345ed246f08fbc3b6a0111f\"\u003e\u003ccode\u003eba8b291\u003c/code\u003e\u003c/a\u003e v8.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003e\u003ccode\u003efd79771\u003c/code\u003e\u003c/a\u003e fix(select): select focused option on Enter in popover and modal interfaces (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@ionic/vue` from 8.8.1 to 8.8.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/releases\"\u003e@​ionic/vue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.8.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.2\"\u003e8.8.2\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eangular:\u003c/strong\u003e forward generic type parameter on ModalOptions and PopoverOptions (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31022\"\u003e#31022\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/cbfe7cce3be345eacbf9fe29e74438a927c16679\"\u003ecbfe7cc\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31012\"\u003e#31012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e re-evaluate label visibility when label is updated (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30980\"\u003e#30980\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ce83407e1debbe74f20d2d6dc2535a0ef3f974a0\"\u003ece83407\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30632\"\u003e#30632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e days keep in focus after changing the month (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31021\"\u003e#31021\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/5fdaba2b021fe8b2b43a49eae7c687544c97d502\"\u003e5fdaba2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/blob/main/CHANGELOG.md\"\u003e@​ionic/vue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/237c628741f368b179d61fca76a2ba14947ea811\"\u003e\u003ccode\u003e237c628\u003c/code\u003e\u003c/a\u003e v8.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e\u003ccode\u003e44be424\u003c/code\u003e\u003c/a\u003e fix(segment): segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003e\u003ccode\u003ec18502f\u003c/code\u003e\u003c/a\u003e fix(action-sheet): restore action-sheet-selected class on non-radio buttons (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/8702ab9487f0615a3e538dc0bbfd2e9884b4669c\"\u003e\u003ccode\u003e8702ab9\u003c/code\u003e\u003c/a\u003e chore(deps): update pozil/auto-assign-issue action to v3 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31094\"\u003e#31094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e\u003ccode\u003e30b479a\u003c/code\u003e\u003c/a\u003e fix(datetime): prevent hidden-state observer from tearing down ready class on...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f8977021f96da7ff75e7292b82cda2bc93e80cfd\"\u003e\u003ccode\u003ef897702\u003c/code\u003e\u003c/a\u003e chore(vercel): use absolute hrefs in preview dir indexes (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31106\"\u003e#31106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/d26017f6868b168344de0d64c63a1eea9397fee9\"\u003e\u003ccode\u003ed26017f\u003c/code\u003e\u003c/a\u003e merge release-8.8.5 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31099\"\u003e#31099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/b57075fe47215ee8648587747f031c21ba277c39\"\u003e\u003ccode\u003eb57075f\u003c/code\u003e\u003c/a\u003e chore(): update package lock files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ba8b2919adb4c4edd345ed246f08fbc3b6a0111f\"\u003e\u003ccode\u003eba8b291\u003c/code\u003e\u003c/a\u003e v8.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003e\u003ccode\u003efd79771\u003c/code\u003e\u003c/a\u003e fix(select): select focused option on Enter in popover and modal interfaces (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@ionic/vue-router` from 8.7.17 to 8.8.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/releases\"\u003e@​ionic/vue-router's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.8.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3c...\n\n_Description has been truncated_","html_url":"https://github.com/admariner/parsec-cloud/pull/1060","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/admariner%2Fparsec-cloud/issues/1060","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1060/packages"},{"uuid":"4473377011","node_id":"PR_kwDOM5Y-Bc7c3YwV","number":2370,"state":"open","title":"build(deps): bump the all-minor-patch group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":8,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T23:56:46.000Z","updated_at":"2026-05-19T00:14:03.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"all-minor-patch","update_count":22,"packages":[{"name":"@types/node","old_version":"25.6.2","new_version":"25.8.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"eslint","old_version":"10.3.0","new_version":"10.4.0","repository_url":"https://github.com/eslint/eslint"},{"name":"jest","old_version":"30.4.1","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"typescript-eslint","old_version":"8.59.2","new_version":"8.59.3","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"vite","old_version":"8.0.11","new_version":"8.0.13","repository_url":"https://github.com/vitejs/vite"},{"name":"@graphql-hive/render-laboratory","old_version":"0.1.7","new_version":"0.1.8","repository_url":"https://github.com/graphql-hive/console"},{"name":"ws","old_version":"8.20.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@nestjs/common","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/core","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/platform-express","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/testing","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"file-type","old_version":"22.0.0","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"@nats-io/nats-core","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/nats-io/nats.js"},{"name":"@nats-io/transport-node","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/nats-io/nats.js"},{"name":"@graphql-hive/router-query-planner","old_version":"0.0.24","new_version":"0.0.27","repository_url":"https://github.com/graphql-hive/router"},{"name":"@aws-sdk/client-sts","old_version":"3.1045.0","new_version":"3.1047.0","repository_url":"https://github.com/aws/aws-sdk-js-v3"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.0","repository_url":"https://github.com/evanw/esbuild"},{"name":"express","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/expressjs/express"},{"name":"@cloudflare/workers-types","old_version":"4.20260508.1","new_version":"4.20260515.1","repository_url":"https://github.com/cloudflare/workerd"},{"name":"wrangler","old_version":"4.90.0","new_version":"4.92.0","repository_url":"https://github.com/cloudflare/workers-sdk"},{"name":"@graphql-codegen/typescript-resolvers","old_version":"6.0.0","new_version":"6.0.1","repository_url":"https://github.com/dotansimha/graphql-code-generator"},{"name":"@graphql-codegen/typescript-operations","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/dotansimha/graphql-code-generator"}],"path":null,"ecosystem":"npm"},"body":"Bumps the all-minor-patch group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.2` | `25.8.0` |\n| [eslint](https://github.com/eslint/eslint) | `10.3.0` | `10.4.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.4.1` | `30.4.2` |\n| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.59.2` | `8.59.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.11` | `8.0.13` |\n| [@graphql-hive/render-laboratory](https://github.com/graphql-hive/console/tree/HEAD/packages/render-laboratory) | `0.1.7` | `0.1.8` |\n| [ws](https://github.com/websockets/ws) | `8.20.0` | `8.20.1` |\n| [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `11.1.19` | `11.1.21` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.19` | `11.1.21` |\n| [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) | `11.1.19` | `11.1.21` |\n| [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing) | `11.1.19` | `11.1.21` |\n| [file-type](https://github.com/sindresorhus/file-type) | `22.0.0` | `22.0.1` |\n| [@nats-io/nats-core](https://github.com/nats-io/nats.js) | `3.3.1` | `3.4.0` |\n| [@nats-io/transport-node](https://github.com/nats-io/nats.js) | `3.3.1` | `3.4.0` |\n| [@graphql-hive/router-query-planner](https://github.com/graphql-hive/router/tree/HEAD/lib/node-addon) | `0.0.24` | `0.0.27` |\n| [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) | `3.1045.0` | `3.1047.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.25.12` | `0.28.0` |\n| [express](https://github.com/expressjs/express) | `5.2.0` | `5.2.1` |\n| [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260508.1` | `4.20260515.1` |\n| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.90.0` | `4.92.0` |\n| [@graphql-codegen/typescript-resolvers](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/resolvers) | `6.0.0` | `6.0.1` |\n| [@graphql-codegen/typescript-operations](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/operations) | `6.0.1` | `6.0.2` |\n\n\nUpdates `@types/node` from 25.6.2 to 25.8.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eslint` from 10.3.0 to 10.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eslint/eslint/releases\"\u003eeslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.4.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1a45ec596af1dd5f880e6874cb8f24dafb6a7ecf\"\u003e\u003ccode\u003e1a45ec5\u003c/code\u003e\u003c/a\u003e feat: check sequence expressions in \u003ccode\u003efor-direction\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20701\"\u003e#20701\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/450040bd89b989b3531824c6be45feb5fe3d936b\"\u003e\u003ccode\u003e450040b\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eincludeIgnoreFile()\u003c/code\u003e to \u003ccode\u003eeslint/config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20735\"\u003e#20735\u003c/a\u003e) (Kirk Waiblinger)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/544c0c3da589166ad8e5d634f35d3d06701c57be\"\u003e\u003ccode\u003e544c0c3\u003c/code\u003e\u003c/a\u003e fix: escape code path DOT labels in debug output (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20866\"\u003e#20866\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6799431203f2579632d0870f98ba132067f4040c\"\u003e\u003ccode\u003e6799431\u003c/code\u003e\u003c/a\u003e fix: update dependency \u003ccode\u003e@​eslint/config-helpers\u003c/code\u003e to ^0.6.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20850\"\u003e#20850\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/f078fef5005dceb14fc162aab7c7200e027688dd\"\u003e\u003ccode\u003ef078fef\u003c/code\u003e\u003c/a\u003e fix: handle non-array deprecated rule replacements (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20825\"\u003e#20825\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7e52a7151fb92eec0e0f67fe4e5ddbd1ccce796f\"\u003e\u003ccode\u003e7e52a71\u003c/code\u003e\u003c/a\u003e docs: add mention of \u003ccode\u003e@eslint-react/eslint-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20869\"\u003e#20869\u003c/a\u003e) (Pavel)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/db3468ba746407d7f286f18f7ea9db6df0e3bc08\"\u003e\u003ccode\u003edb3468b\u003c/code\u003e\u003c/a\u003e docs: tweak wording around ambiguous CJS-vs-ESM config (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20865\"\u003e#20865\u003c/a\u003e) (Kirk Waiblinger)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/90846643ec6e97d447ae0d831fabe6d17b0a998a\"\u003e\u003ccode\u003e9084664\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/9cc73875046e3c4b8313644cbb1e99e26b36bd3f\"\u003e\u003ccode\u003e9cc7387\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3d7b5484407403817aa9071a394d336d8ea96eb5\"\u003e\u003ccode\u003e3d7b548\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/191ec3c0a3f94ce0f110df761f0b2b8949011ccb\"\u003e\u003ccode\u003e191ec3c\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6616856f28fa514a30f87b5539fc100d739a94bf\"\u003e\u003ccode\u003e6616856\u003c/code\u003e\u003c/a\u003e chore: upgrade knip to v6 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20875\"\u003e#20875\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d13b084a3ad02f926e9addaa35fc383759ea5554\"\u003e\u003ccode\u003ed13b084\u003c/code\u003e\u003c/a\u003e ci: ensure auto-created PRs run CI (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20860\"\u003e#20860\u003c/a\u003e) (lumir)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e71c7af86dce9acc1d18cb12d2184309f6841594\"\u003e\u003ccode\u003ee71c7af\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20862\"\u003e#20862\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d84393dea170f54191fd20c8268b52c81c0ccd99\"\u003e\u003ccode\u003ed84393d\u003c/code\u003e\u003c/a\u003e test: add unit tests for SuppressionsService.applySuppressions() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20863\"\u003e#20863\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/24db8cb8e6f07fba667121777a15b1785486be94\"\u003e\u003ccode\u003e24db8cb\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.save() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20802\"\u003e#20802\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2ef0549cac4a9537e4c3a26b9f3edd4c99476bf6\"\u003e\u003ccode\u003e2ef0549\u003c/code\u003e\u003c/a\u003e chore: update ecosystem plugins (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20857\"\u003e#20857\u003c/a\u003e) (github-actions[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/a4297918d264d229a06cd96051ef9b91c7b86732\"\u003e\u003ccode\u003ea429791\u003c/code\u003e\u003c/a\u003e ci: remove \u003ccode\u003eeslint-webpack-plugin\u003c/code\u003e types integration test (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20668\"\u003e#20668\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/9e37386aa7f2ce220b2ef74a6afbac5f6b3527c5\"\u003e\u003ccode\u003e9e37386\u003c/code\u003e\u003c/a\u003e chore: replace \u003ccode\u003erecast\u003c/code\u003e with range approach in code-sample-minimizer (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20682\"\u003e#20682\u003c/a\u003e) (Copilot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/0dd1f9ffc9a07704d46e2a4c8d4ccc0d0908b0c0\"\u003e\u003ccode\u003e0dd1f9f\u003c/code\u003e\u003c/a\u003e test: disable warning for \u003ccode\u003evm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20845\"\u003e#20845\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/9da3c7bc92d9579f8db19ecb56e718538d09db2b\"\u003e\u003ccode\u003e9da3c7b\u003c/code\u003e\u003c/a\u003e refactor: remove deprecated \u003ccode\u003emeta.language\u003c/code\u003e and migrate \u003ccode\u003emeta.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20716\"\u003e#20716\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2099ed12a0a74c3d7f0808514362af2499b4fe2b\"\u003e\u003ccode\u003e2099ed1\u003c/code\u003e\u003c/a\u003e refactor: add \u003ccode\u003emeta.defaultOptions\u003c/code\u003e to more rules, enable linting (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20800\"\u003e#20800\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/f1dfbc9ca57196de7092e1888cc99427bd6fe06e\"\u003e\u003ccode\u003ef1dfbc9\u003c/code\u003e\u003c/a\u003e chore: update ecosystem plugins (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20836\"\u003e#20836\u003c/a\u003e) (github-actions[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c75941390c14728806cd4baef4f6072f6de78318\"\u003e\u003ccode\u003ec759413\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20843\"\u003e#20843\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/5b817d6fdc9ae2c35b528dc662b2eca8f40f64aa\"\u003e\u003ccode\u003e5b817d6\u003c/code\u003e\u003c/a\u003e test: add unit tests for lib/shared/ast-utils (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20838\"\u003e#20838\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1c13ae3934c198c494e5958fa3a68b33244ff06a\"\u003e\u003ccode\u003e1c13ae3\u003c/code\u003e\u003c/a\u003e test: add unit tests for lib/shared/severity (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20835\"\u003e#20835\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/452c4010c07dc2e36fe6ec6a8c48298878e86887\"\u003e\u003ccode\u003e452c401\u003c/code\u003e\u003c/a\u003e 10.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b6417e8b55c9525070d6e168b485ce6ff21688ed\"\u003e\u003ccode\u003eb6417e8\u003c/code\u003e\u003c/a\u003e Build: changelog update for 10.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6616856f28fa514a30f87b5539fc100d739a94bf\"\u003e\u003ccode\u003e6616856\u003c/code\u003e\u003c/a\u003e chore: upgrade knip to v6 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20875\"\u003e#20875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d13b084a3ad02f926e9addaa35fc383759ea5554\"\u003e\u003ccode\u003ed13b084\u003c/code\u003e\u003c/a\u003e ci: ensure auto-created PRs run CI (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20860\"\u003e#20860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7e52a7151fb92eec0e0f67fe4e5ddbd1ccce796f\"\u003e\u003ccode\u003e7e52a71\u003c/code\u003e\u003c/a\u003e docs: add mention of \u003ccode\u003e@eslint-react/eslint-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20869\"\u003e#20869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e71c7af86dce9acc1d18cb12d2184309f6841594\"\u003e\u003ccode\u003ee71c7af\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20862\"\u003e#20862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/544c0c3da589166ad8e5d634f35d3d06701c57be\"\u003e\u003ccode\u003e544c0c3\u003c/code\u003e\u003c/a\u003e fix: escape code path DOT labels in debug output (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20866\"\u003e#20866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/db3468ba746407d7f286f18f7ea9db6df0e3bc08\"\u003e\u003ccode\u003edb3468b\u003c/code\u003e\u003c/a\u003e docs: tweak wording around ambiguous CJS-vs-ESM config (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20865\"\u003e#20865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d84393dea170f54191fd20c8268b52c81c0ccd99\"\u003e\u003ccode\u003ed84393d\u003c/code\u003e\u003c/a\u003e test: add unit tests for SuppressionsService.applySuppressions() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20863\"\u003e#20863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/90846643ec6e97d447ae0d831fabe6d17b0a998a\"\u003e\u003ccode\u003e9084664\u003c/code\u003e\u003c/a\u003e docs: Update README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eslint/eslint/compare/v10.3.0...v10.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 30.4.1 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typescript-eslint` from 8.59.2 to 8.59.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003etypescript-eslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.3\u003c/h2\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md\"\u003etypescript-eslint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only for typescript-eslint to align it with other projects, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/48e13c0261e3cb1bf4f4dfaa462cdb3a56ef7383\"\u003e\u003ccode\u003e48e13c0\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/44f9625336841a8ee3eb01a9e02e49b1d7b12648\"\u003e\u003ccode\u003e44f9625\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest monorepo to v4.1.5 (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint/issues/12307\"\u003e#12307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/typescript-eslint\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 8.0.11 to 8.0.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.13\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.12...v8.0.13\"\u003e8.0.13\u003c/a\u003e (2026-05-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebundled-dev:\u003c/strong\u003e add lazy bundling support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21406\"\u003e#21406\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/4f0949f3f13e4b2b34d32bf7b2b4de5f26bea192\"\u003e4f0949f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e improve the esbuild plugin converter to pass some properties of build result to \u003ccode\u003eonEnd\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22357\"\u003e#22357\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/47071ce53f21726cf39e999c4407c4828ecbe957\"\u003e47071ce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate rolldown to 1.0.1 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22444\"\u003e#22444\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8c766a6c5ee014969c4e32f29cc265e8e2c96e18\"\u003e8c766a6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebuild:\u003c/strong\u003e copy public directory after building same environment with \u003ccode\u003ewrite=false\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22328\"\u003e#22328\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/158e8ae8efdf7075ab295727e36b5ff68da3243e\"\u003e158e8ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecss:\u003c/strong\u003e await sass/less/styl worker disposal on teardown (fix \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22274\"\u003e#22274\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22275\"\u003e#22275\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b7edcb7d0dd17ddfeef4ace78d610c099216dade\"\u003eb7edcb7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecss:\u003c/strong\u003e keep deprecated \u003ccode\u003ename\u003c/code\u003e/\u003ccode\u003eoriginalFileName\u003c/code\u003e in synthetic \u003ccode\u003eassetFileNames\u003c/code\u003e call (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22439\"\u003e#22439\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8e59c97a44d923c4c06f67287a793c9aa5a4ebaa\"\u003e8e59c97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eisBundled\u003c/code\u003e per environment (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22257\"\u003e#22257\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a5763266170f8606836da5c6f987b4b2fd6ddc55\"\u003ea576326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003essr:\u003c/strong\u003e avoid rewriting labels that collide with imports (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22451\"\u003e#22451\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d9b18e0387a253628d3d834288e79c5f7e85d566\"\u003ed9b18e0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove irrelevant commits from changelog (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22430\"\u003e#22430\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/6ea383859aaf0ef8e673b458f164e84aeb6ff51d\"\u003e6ea3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate changelog (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22413\"\u003e#22413\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fcdc87cc6799857e2bab0f44f333a681694fff74\"\u003efcdc87c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.11...v8.0.12\"\u003e8.0.12\u003c/a\u003e (2026-05-11)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate rolldown to 1.0.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22401\"\u003e#22401\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cf0ff4154b26cffbf18541ade1a50818842731d3\"\u003ecf0ff41\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22420\"\u003e#22420\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2be6000130e3ae2160acc301baa4f7913fbc1f6e\"\u003e2be6000\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emodule-runner:\u003c/strong\u003e prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22369\"\u003e#22369\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f5a22e62ada75286138b7ceb3825e43958ef00e1\"\u003ef5a22e6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefer to \u003ccode\u003erolldownOptions\u003c/code\u003e instead of deprecated \u003ccode\u003erollupOptions\u003c/code\u003e in messages (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22400\"\u003e#22400\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b675c7b6697423275ad9dd521d3ce7c8679761a0\"\u003eb675c7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eworker:\u003c/strong\u003e apply \u003ccode\u003ebuild.target\u003c/code\u003e to worker bundle (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22404\"\u003e#22404\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3c93fde21f07d44db7669ca7484f4e7a8767afe5\"\u003e3c93fde\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eworker:\u003c/strong\u003e forward define to worker bundle transform (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22408\"\u003e#22408\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d4838a0358d9f04a980d4d2ac7263f21a6b28ee2\"\u003ed4838a0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update dependency eslint-plugin-n to v18 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22423\"\u003e#22423\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2fe7bd2d73beb697a3d149e943ac74b768c9d27f\"\u003e2fe7bd2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22421\"\u003e#22421\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/66b9eb35188007e0e9a1bd03b4be820016cad60b\"\u003e66b9eb3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/a46f11a6c218f74b08ffb3e33a25c2ce02ba6643\"\u003e\u003ccode\u003ea46f11a\u003c/code\u003e\u003c/a\u003e release: v8.0.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/d9b18e0387a253628d3d834288e79c5f7e85d566\"\u003e\u003ccode\u003ed9b18e0\u003c/code\u003e\u003c/a\u003e fix(ssr): avoid rewriting labels that collide with imports (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/4f0949f3f13e4b2b34d32bf7b2b4de5f26bea192\"\u003e\u003ccode\u003e4f0949f\u003c/code\u003e\u003c/a\u003e feat(bundled-dev): add lazy bundling support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21406\"\u003e#21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/158e8ae8efdf7075ab295727e36b5ff68da3243e\"\u003e\u003ccode\u003e158e8ae\u003c/code\u003e\u003c/a\u003e fix(build): copy public directory after building same environment with `write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/47071ce53f21726cf39e999c4407c4828ecbe957\"\u003e\u003ccode\u003e47071ce\u003c/code\u003e\u003c/a\u003e feat(optimizer): improve the esbuild plugin converter to pass some properties...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8e59c97a44d923c4c06f67287a793c9aa5a4ebaa\"\u003e\u003ccode\u003e8e59c97\u003c/code\u003e\u003c/a\u003e fix(css): keep deprecated \u003ccode\u003ename\u003c/code\u003e/\u003ccode\u003eoriginalFileName\u003c/code\u003e in synthetic `assetFileNa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/a5763266170f8606836da5c6f987b4b2fd6ddc55\"\u003e\u003ccode\u003ea576326\u003c/code\u003e\u003c/a\u003e fix: make \u003ccode\u003eisBundled\u003c/code\u003e per environment (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22257\"\u003e#22257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8c766a6c5ee014969c4e32f29cc265e8e2c96e18\"\u003e\u003ccode\u003e8c766a6\u003c/code\u003e\u003c/a\u003e feat: update rolldown to 1.0.1 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22444\"\u003e#22444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/b7edcb7d0dd17ddfeef4ace78d610c099216dade\"\u003e\u003ccode\u003eb7edcb7\u003c/code\u003e\u003c/a\u003e fix(css): await sass/less/styl worker disposal on teardown (fix \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22274\"\u003e#22274\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22275\"\u003e#22275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fcdc87cc6799857e2bab0f44f333a681694fff74\"\u003e\u003ccode\u003efcdc87c\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22413\"\u003e#22413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v8.0.13/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@graphql-hive/render-laboratory` from 0.1.7 to 0.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/graphql-hive/console/releases\"\u003e@​graphql-hive/render-laboratory's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​graphql-hive/render-laboratory\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/graphql-hive/console/pull/8024\"\u003e#8024\u003c/a\u003e\n\u003ca href=\"https://github.com/graphql-hive/console/commit/0e3ce400706c625925161f8d59cc5691380cef07\"\u003e\u003ccode\u003e0e3ce40\u003c/code\u003e\u003c/a\u003e\nThanks \u003ca href=\"https://github.com/mskorokhodov\"\u003e\u003ccode\u003e@​mskorokhodov\u003c/code\u003e\u003c/a\u003e! - Hive laboratory introspection query to\ninclude active tab headers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies\n[\u003ca href=\"https://github.com/graphql-hive/console/commit/0e3ce400706c625925161f8d59cc5691380cef07\"\u003e\u003ccode\u003e0e3ce40\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​graphql-hive/laboratory\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.8\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/graphql-hive/console/commits/@graphql-hive/render-laboratory@0.1.8/packages/render-laboratory\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.20.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/websockets/ws/compare/8.20.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/common` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/4b6420b9a703f8608d86bcbff88d045511ce36d6\"\u003e\u003ccode\u003e4b6420b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/common/issues/16902\"\u003e#16902\u003c/a\u003e from QusaiAlbonni/fix/filetype-validator-buffer-mes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/33515ed0576ed47bf7c9fe1cba85cf5b9bfe52de\"\u003e\u003ccode\u003e33515ed\u003c/code\u003e\u003c/a\u003e fix(common): improve missing buffer error message in file type validator\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/9226a6f6134741976144b967585967f3823f755a\"\u003e\u003ccode\u003e9226a6f\u003c/code\u003e\u003c/a\u003e fix: Add missing validateEach for UsePipes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/1501bc0600fa88a9d0d5b03ec8105f00e582bb48\"\u003e\u003ccode\u003e1501bc0\u003c/code\u003e\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/common\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d48f21d4a9c29340b20411c459c3d4cc340596da\"\u003e\u003ccode\u003ed48f21d\u003c/code\u003e\u003c/a\u003e fix(core): settle skipped provider initialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/2e290c69c952e71a9fb8b6bef31e71d0307ce88b\"\u003e\u003ccode\u003e2e290c6\u003c/code\u003e\u003c/a\u003e fix(core): fix deeply nested transient providers resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/958ff952c00bd5a25efa04ffaafac28721af7827\"\u003e\u003ccode\u003e958ff95\u003c/code\u003e\u003c/a\u003e fix(core): Delay SSE response .end() until flush\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7c10646a0573ff0f30224ca3ca8b7803ed6c6bf6\"\u003e\u003ccode\u003e7c10646\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16753\"\u003e#16753\u003c/a\u003e from jkalberer/fix/sse-pipe-validation-error-status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/895fdf321e7089f0dcf24d73ce929e2f346c5bb3\"\u003e\u003ccode\u003e895fdf3\u003c/code\u003e\u003c/a\u003e fix(core): Use strict null check for SSE message id\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/457630a65f404ee9d96ed84f6083767ef4b8ef8c\"\u003e\u003ccode\u003e457630a\u003c/code\u003e\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/platform-express` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/platform-express's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5e33ecfad88db4d9af659f38de56cd55c5c8ed10\"\u003e\u003ccode\u003e5e33ecf\u003c/code\u003e\u003c/a\u003e feat: add MulterOptions and MulterField interfaces for express platform confi...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/platform-express\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/testing` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/testing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/2e290c69c952e71a9fb8b6bef31e71d0307ce88b\"\u003e\u003ccode\u003e2e290c6\u003c/code\u003e\u003c/a\u003e fix(core): fix deeply nested transient providers resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/testing\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 22.0.0 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nats-io/nats-core` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nats-io/nats.js/releases\"\u003e@​nats-io/nats-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eIn addition to fixes and general enhancements this release adds support for exciting nats-server 2.14 JetStream features.\u003c/p\u003e\n\u003cp\u003e[CORE]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: protocol integer parsing rejects non-sensical values (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/373\"\u003e#373\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eSymbol.asyncDispose\u003c/code\u003e on connections/subscriptions — \u003ccode\u003eusing\u003c/code\u003e auto-closes on scope exit (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/396\"\u003e#396\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: inboxes match go client \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;token\u0026gt;\u003c/code\u003e (was \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;nuid\u0026gt;\u003c/code\u003e); nuids now base62 see \u003ca href=\"https://github.com/nats-io/nuid.js\"\u003enuid.js\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/398\"\u003e#398\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003egetServers()\u003c/code\u003e/\u003ccode\u003esetServers()\u003c/code\u003e — clients can list known servers and switch clusters (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/400\"\u003e#400\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003ereconnectToServer\u003c/code\u003e connection option — pick next server and dial delay during reconnect (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/403\"\u003e#403\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[JETSTREAM]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFEAT: message schedules — messages fire on cron — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/381\"\u003e#381\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eresetConsumer()\u003c/code\u003e/\u003ccode\u003ereset()\u003c/code\u003e on \u003ccode\u003eJetStreamManager\u003c/code\u003e — reset durable consumer ack sequence; enables order consumers backed by durables — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/391\"\u003e#391\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: push consumers stuck on heartbeat (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/375\"\u003e#375\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eJetStreamAccountStats\u003c/code\u003e/\u003ccode\u003eJetStreamApiStats\u003c/code\u003e — add \u003ccode\u003ereserved_memory\u003c/code\u003e, \u003ccode\u003ereserved_storage\u003c/code\u003e, \u003ccode\u003einflight\u003c/code\u003e; \u003ccode\u003emax_bytes_required\u003c/code\u003e is boolean; tiers use dynamic record (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/376\"\u003e#376\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: fast ingest — exposed via \u003ca href=\"https://github.com/synadia-io/orbit.js/tree/main/fastingest\"\u003eorbit fastingest\u003c/a\u003e — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/379\"\u003e#379\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: configure stream mirror/source consumers — \u003ccode\u003eStreamSource.consumer\u003c/code\u003e, \u003ccode\u003eStreamConsumerSource\u003c/code\u003e, \u003ccode\u003eAckPolicy.FlowControl\u003c/code\u003e — \u003cstrong\u003erequires \u003ca href=\"https://github.com/nats-io/nats-server/releases/tag/v2.14.0\"\u003enats-server 2.14+\u003c/a\u003e\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/399\"\u003e#399\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[KV]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: KV \u003ccode\u003ecreate\u003c/code\u003e passes \u003ccode\u003emarkerTTL\u003c/code\u003e via \u003ccode\u003e_put\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/367\"\u003e#367\u003c/a\u003e) by \u003ca href=\"https://github.com/Bre77\"\u003e\u003ccode\u003e@​Bre77\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[OBJ]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFEAT: faster entry add via fast ingest (\u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e); native SHA-256 when available. Note that the fast ingest integration requires a hidden \u003ccode\u003eallowBatched: true\u003c/code\u003e to be specified as it is still experimental (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/394\"\u003e#394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/397\"\u003e#397\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[DOCS]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: esbuild build instructions (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/378\"\u003e#378\u003c/a\u003e) by \u003ca href=\"https://github.com/AntoninPOLY\"\u003e\u003ccode\u003e@​AntoninPOLY\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExamples: websocket usage in modern frameworks (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/392\"\u003e#392\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Bre77\"\u003e\u003ccode\u003e@​Bre77\u003c/code\u003e\u003c/a\u003e — first contribution in \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/367\"\u003e#367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Jarema\"\u003e\u003ccode\u003e@​Jarema\u003c/code\u003e\u003c/a\u003e — first contribution in \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/369\"\u003e#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AntoninPOLY\"\u003e\u003ccode\u003e@​AntoninPOLY\u003c/code\u003e\u003c/a\u003e — first contribution in \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/378\"\u003e#378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nats-io/nats.js/compare/v3.3.1...v3.4.0\"\u003ehttps://github.com/nats-io/nats.js/compare/v3.3.1...v3.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.4.0-4\u003c/h2\u003e\n\u003cp\u003ecanary\u003c/p\u003e\n\u003ch2\u003ev3.4.0-4\u003c/h2\u003e\n\u003cp\u003ecanary\u003c/p\u003e\n\u003ch2\u003ev3.4.0-2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/95e76e79d9feaa0a0bf3b0e8da526ec5a3460979\"\u003e\u003ccode\u003e95e76e7\u003c/code\u003e\u003c/a\u003e bump version to 3.4.0 (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/c2b6333c5e6ff015d0de15b5f7459c2cc53420b2\"\u003e\u003ccode\u003ec2b6333\u003c/code\u003e\u003c/a\u003e canary (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/409\"\u003e#409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/644b711f4b8ef3a2bcdd8c96669245f50dc1240b\"\u003e\u003ccode\u003e644b711\u003c/code\u003e\u003c/a\u003e canary bumps (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/408\"\u003e#408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/949440d5ae25a8e7bbcdbed144a18333e74f0dbe\"\u003e\u003ccode\u003e949440d\u003c/code\u003e\u003c/a\u003e updated badges (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/407\"\u003e#407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/f92bb8b42e1d788fc3a0c6af3054e5a454f71fcd\"\u003e\u003ccode\u003ef92bb8b\u003c/code\u003e\u003c/a\u003e simplify type for FastIngestOptions inline type (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/406\"\u003e#406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/4fca0055dc2bf01ebabe3639d12605a66741c30d\"\u003e\u003ccode\u003e4fca005\u003c/code\u003e\u003c/a\u003e fix for slow type in JSR (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/994da46836e84c5e237b624ba4cb9ec81070aa3c\"\u003e\u003ccode\u003e994da46\u003c/code\u003e\u003c/a\u003e expose reconnectToServer (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/95b612b584d9b023a6432363eaf1a2b4f08df47d\"\u003e\u003ccode\u003e95b612b\u003c/code\u003e\u003c/a\u003e bump versions (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/402\"\u003e#402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/543c640519cc6e342e9d032e3ee48bae60a06843\"\u003e\u003ccode\u003e543c640\u003c/code\u003e\u003c/a\u003e internal test util not part of the distribution (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/401\"\u003e#401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/2c2ad5de340dba609c8fc605f1701f1afff7b856\"\u003e\u003ccode\u003e2c2ad5d\u003c/code\u003e\u003c/a\u003e feat(core): setServers/getServers (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/400\"\u003e#400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nats-io/nats.js/compare/v3.3.1...v3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nats-io/transport-node` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nats-io/nats.js/releases\"\u003e@​nats-io/transport-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eIn addition to fixes and general enhancements this release adds support for exciting nats-server 2.14 JetStream features.\u003c/p\u003e\n\u003cp\u003e[CORE]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: protocol integer parsing rejects non-sensical values (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/373\"\u003e#373\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eSymbol.asyncDispose\u003c/code\u003e on connections/subscriptions — \u003ccode\u003eusing\u003c/code\u003e auto-closes on scope exit (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/396\"\u003e#396\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: inboxes match go client \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;token\u0026gt;\u003c/code\u003e (was \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;nuid\u0026gt;\u003c/code\u003e); nuids now base62 see \u003ca href=\"https://github.com/nats-io/nuid.js\"\u003enuid.js\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/398\"\u003e#398\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003egetServers()\u003c/code\u003e/\u003ccode\u003esetServers()\u003c/code\u003e — clients can list known servers and switch clusters (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/400\"\u003e#400\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003ereconnectToServer\u003c/code\u003e connection option — pick next server and dial delay during reconnect (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/403\"\u003e#403\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[JETSTREAM]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFEAT: message schedules — messages fire on cron — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/381\"\u003e#381\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eresetConsumer()\u003c/code\u003e/\u003ccode\u003ereset()\u003c/code\u003e on \u003ccode\u003eJetStreamManager\u003c/code\u003e — reset durable consumer ack sequence; enables order consumers backed by durables — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/391\"\u003e#391\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: push consumers stuck on heartbeat (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/375\"\u003e#375\u003c/a\u003e) by \u003ca href=\"https://github.com/ari...\n\n_Description has been truncated_","html_url":"https://github.com/graphql-hive/gateway/pull/2370","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql-hive%2Fgateway/issues/2370","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2370/packages"},{"uuid":"4471700212","node_id":"PR_kwDOPeUieM7cx8Gd","number":165,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T05:50:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T18:48:09.000Z","updated_at":"2026-05-24T05:50:19.000Z","time_to_close":471729,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"file-type","old_version":"20.5.0","new_version":"21.1.0","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"uuid","old_version":"10.0.0","new_version":"13.0.2","repository_url":"https://github.com/uuidjs/uuid"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /book-talk-ts directory: [file-type](https://github.com/sindresorhus/file-type), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `file-type` from 20.5.0 to 21.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Node.js 20  24aec1f\u003c/li\u003e\n\u003cli\u003eDrop Adobe Illustrator (.ai) detection support (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/743\"\u003e#743\u003c/a\u003e)  af169f3\u003c/li\u003e\n\u003cli\u003eCorrect Matroska (video) MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/753\"\u003e#753\u003c/a\u003e)  f53f5ff\u003c/li\u003e\n\u003cli\u003eCorrect FLAC MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/755\"\u003e#755\u003c/a\u003e)  b9fda36\u003c/li\u003e\n\u003cli\u003eCorrect Apache Parquet MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/748\"\u003e#748\u003c/a\u003e)  98e3f8e\u003c/li\u003e\n\u003cli\u003eCorrect Apache Arrow MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/754\"\u003e#754\u003c/a\u003e)  7184775\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow options to be directly passed to exported functions (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/752\"\u003e#752\u003c/a\u003e)  d264029\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003empegOffsetTolerance\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/646\"\u003e#646\u003c/a\u003e)  c40840a\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix detection of some PAX TAR formats (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/762\"\u003e#762\u003c/a\u003e)  574d0d6\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v20.5.0...v21.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v20.5.0...v21.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ae8afc868bd458504d71717639fdb42c5f8c2266\"\u003e\u003ccode\u003eae8afc8\u003c/code\u003e\u003c/a\u003e 21.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7ad3a90a3e946f0f55d84d639e89f0025ea702ad\"\u003e\u003ccode\u003e7ad3a90\u003c/code\u003e\u003c/a\u003e Fix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/1511507734b1bf39f8b8b5f293f6c86148991b5e\"\u003e\u003ccode\u003e1511507\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003e@file-type/av\u003c/code\u003e third-party file-type detectors (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/772\"\u003e#772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/b461a210a4ef994194836fcaabd29ecc86d75931\"\u003e\u003ccode\u003eb461a21\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003estrtok3.parseBlob\u003c/code\u003e for improved Blob handling (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/771\"\u003e#771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/f8d62bedcd92edba5597a8e041debb782e78332c\"\u003e\u003ccode\u003ef8d62be\u003c/code\u003e\u003c/a\u003e Add support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0db61ecbbbfb6fc67cf5ee6c6b7cc244a19b82b9\"\u003e\u003ccode\u003e0db61ec\u003c/code\u003e\u003c/a\u003e Add support for Windows \u0026lt; 2000 registry (.reg) files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/766\"\u003e#766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7d2ddcfcb26d5c3bf91d29bf11cedc6e42ac422f\"\u003e\u003ccode\u003e7d2ddcf\u003c/code\u003e\u003c/a\u003e Add support for Windows ≥ 2000 registry (\u003ccode\u003e.reg\u003c/code\u003e) files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/765\"\u003e#765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/1a9b1bbc027ae093c5b3d07e431b7702768a087b\"\u003e\u003ccode\u003e1a9b1bb\u003c/code\u003e\u003c/a\u003e Internal: Add UTF-16 (BE and LE) string compare (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/eda03a7b0554e93f6902588d2c6cc11af62b7859\"\u003e\u003ccode\u003eeda03a7\u003c/code\u003e\u003c/a\u003e Add detector for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c54c7444ba5445a360cc40787fd1f26bb2765cec\"\u003e\u003ccode\u003ec54c744\u003c/code\u003e\u003c/a\u003e 21.0.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v20.5.0...v21.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 10.0.0 to 13.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d61d6ac1f782cf6b1dd8661c60f11722cd49a0d\"\u003e3d61d6a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/v13.0.2/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/bd349769499885c496399900d6788afabf6f142a\"\u003e\u003ccode\u003ebd34976\u003c/code\u003e\u003c/a\u003e chore(13.x): release 13.0.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/953\"\u003e#953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e\u003ccode\u003e49ccb35\u003c/code\u003e\u003c/a\u003e fix: rerelease to fix provenance.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/fc3a84d2443a2aad3c54a8c829375d0d71939ff0\"\u003e\u003ccode\u003efc3a84d\u003c/code\u003e\u003c/a\u003e chore: update workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f01d6dd2bee5a10be626bea171bf86def7c554b4\"\u003e\u003ccode\u003ef01d6dd\u003c/code\u003e\u003c/a\u003e chore: fix workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0643802db81cece7ee445f5147529d7a77394630\"\u003e\u003ccode\u003e0643802\u003c/code\u003e\u003c/a\u003e Merge branch '13.x' of github.com:uuidjs/uuid into 13.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e52c9ceac2c0caab66389f6a7b04b321ae39ac83\"\u003e\u003ccode\u003ee52c9ce\u003c/code\u003e\u003c/a\u003e chore: fix workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e5424b6daa6977ab6cc9b21e7ef5556dc6b94ab3\"\u003e\u003ccode\u003ee5424b6\u003c/code\u003e\u003c/a\u003e chore(13.x): release 13.0.1 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/943\"\u003e#943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/04f488b2f16786865036f990fec4c438ce1c1507\"\u003e\u003ccode\u003e04f488b\u003c/code\u003e\u003c/a\u003e workflow: update release-please workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e\u003ccode\u003e9d27ddf\u003c/code\u003e\u003c/a\u003e fix: backport fix for GHSA-w5hq-g745-h8pq\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/24c123841fdd1cd66edf11cb4b9b49c9c0e1fc12\"\u003e\u003ccode\u003e24c1238\u003c/code\u003e\u003c/a\u003e chore(main): release 13.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/902\"\u003e#902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v10.0.0...v13.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hjch0211/book-talk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/hjch0211/book-talk/pull/165","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjch0211%2Fbook-talk/issues/165","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/165/packages"},{"uuid":"4464106350","node_id":"PR_kwDORPf6cM7cZt7x","number":53,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript","app: web-ui","channel: zalo","channel: matrix","extensions: diagnostics-otel"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T17:30:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T16:17:30.000Z","updated_at":"2026-05-19T17:30:07.000Z","time_to_close":177155,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"hono","old_version":"4.12.7","new_version":"4.12.18","repository_url":"https://github.com/honojs/hono"},{"name":"undici","old_version":"7.21.0","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"dompurify","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"vite","old_version":"5.4.21","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"music-metadata","old_version":"11.11.2","new_version":"11.12.3","repository_url":"https://github.com/Borewit/music-metadata"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"8.3.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"sanitize-html","old_version":"2.17.0","new_version":"2.17.4","repository_url":"https://github.com/apostrophecms/apostrophe"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [hono](https://github.com/honojs/hono) | `4.12.7` | `4.12.18` |\n| [undici](https://github.com/nodejs/undici) | `7.21.0` | `7.24.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.2` | `3.4.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `6.4.2` |\n| [music-metadata](https://github.com/Borewit/music-metadata) | `11.11.2` | `11.12.3` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `8.3.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.0` | `2.17.4` |\n\nBumps the npm_and_yarn group with 1 update in the /extensions/zalo directory: [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 2 updates in the /ui directory: [dompurify](https://github.com/cure53/DOMPurify) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.7 to 4.12.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.18\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eCache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage\u003c/h3\u003e\n\u003cp\u003eAffects: Cache Middleware. Fixes missing cache-skip handling for \u003ccode\u003eVary: Authorization\u003c/code\u003e and \u003ccode\u003eVary: Cookie\u003c/code\u003e, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm\u003c/p\u003e\n\u003ch3\u003eCSS Declaration Injection via Style Object Values in JSX SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes a missing CSS-context escape for \u003ccode\u003estyle\u003c/code\u003e object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p\u003c/p\u003e\n\u003ch3\u003eImproper validation of NumericDate claims (exp, nbf, iat) in JWT verify()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/utils/jwt\u003c/code\u003e. Fixes improper validation of \u003ccode\u003eexp\u003c/code\u003e, \u003ccode\u003enbf\u003c/code\u003e, and \u003ccode\u003eiat\u003c/code\u003e claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jsx): normalize SVG attributes on the \u003c!-- raw HTML omitted --\u003e root element by \u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e by \u003ca href=\"https://github.com/yuintei\"\u003e\u003ccode\u003e@​yuintei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4899\"\u003ehonojs/hono#4899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cors): make origin optional in CORSOptions by \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): propagate middleware response types to app.on overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4906\"\u003ehonojs/hono#4906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.17\"\u003ehttps://github.com/honojs/hono/compare/v4.12.16...v4.12.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.16\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eUnvalidated JSX Tag Names in hono/jsx May Allow HTML Injection\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX tag names when using \u003ccode\u003ejsx()\u003c/code\u003e or \u003ccode\u003ecreateElement()\u003c/code\u003e, which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432\u003c/p\u003e\n\u003ch3\u003ebodyLimit() can be bypassed for chunked / unknown-length requests\u003c/h3\u003e\n\u003cp\u003eAffects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v\u003c/p\u003e\n\u003ch2\u003ev4.12.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jwt): support single-line PEM keys by \u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f10dee89ced5956b73c1cdc416d6bc0fd54d63b7\"\u003e\u003ccode\u003ef10dee8\u003c/code\u003e\u003c/a\u003e 4.12.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a5bd9ebead279ed9d0239ecbd854f629edfc0e57\"\u003e\u003ccode\u003ea5bd9eb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/58d3d3ad5656e007ed99da1b73865975952de5e9\"\u003e\u003ccode\u003e58d3d3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/568c2ecc1dd556894fad4dfa4a7ba499db6dba9c\"\u003e\u003ccode\u003e568c2ec\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/ff2b3d31df1be35f7d597a95dd3369402b6e87f2\"\u003e\u003ccode\u003eff2b3d3\u003c/code\u003e\u003c/a\u003e 4.12.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/52aaaf9714b06303ce5caa655b1d80675be687e9\"\u003e\u003ccode\u003e52aaaf9\u003c/code\u003e\u003c/a\u003e fix(types): propagate middleware response types to app.on overloads (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4906\"\u003e#4906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/76d5589e9b0569f4e74ec37e8dd6979455f70dfa\"\u003e\u003ccode\u003e76d5589\u003c/code\u003e\u003c/a\u003e fix(cors): make origin optional in CORSOptions (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4905\"\u003e#4905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/8f027e5574e91e3c7f263a728656e3888559e51a\"\u003e\u003ccode\u003e8f027e5\u003c/code\u003e\u003c/a\u003e fix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4899\"\u003e#4899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bfba97ca7ea3d4541a3419f1749e5a1a3e8f1727\"\u003e\u003ccode\u003ebfba97c\u003c/code\u003e\u003c/a\u003e fix(jsx): normalize SVG attributes on the \u0026lt;svg\u0026gt; root element (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4893\"\u003e#4893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/90d4182aabd328e2ec6af3f25ec62ddc574ad8cb\"\u003e\u003ccode\u003e90d4182\u003c/code\u003e\u003c/a\u003e 4.12.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.7...v4.12.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.21 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.11.2 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix miscalculation Ogg/Vorbis, duration miscalculation \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2583\"\u003e#2583\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.1\"\u003emusic-metadata@11.12.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🚀 Enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Add support for multiple albumartists \u003ca href=\"https://github.com/ma225tq\"\u003e\u003ccode\u003e@​ma225tq\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2577\"\u003e#2577\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.0\"\u003emusic-metadata@11.12.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.11.2...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.211.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.211.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092...\n\n_Description has been truncated_","html_url":"https://github.com/NJX-njx/opensoul/pull/53","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NJX-njx%2Fopensoul/issues/53","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/53/packages"}],"issue_packages":[{"old_version":"21.3.4","new_version":"22.0.1","update_type":"major","path":null,"pr_created_at":"2026-06-14T17:46:53.000Z","version_change":"21.3.4 → 22.0.1","issue":{"uuid":"4660034994","node_id":"PR_kwDOSCvGas7mSBGX","number":89,"state":"closed","title":"chore(bash): bump the bash-dependencies group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","javascript","pkg:bash"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-15T03:17:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-14T17:46:53.000Z","updated_at":"2026-06-15T03:17:32.000Z","time_to_close":34237,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(bash): bump","group_name":"bash-dependencies","update_count":18,"packages":[{"name":"diff","old_version":"8.0.4","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"fast-xml-parser","old_version":"5.6.0","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"file-type","old_version":"21.3.4","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"ini","old_version":"6.0.0","new_version":"7.0.0","repository_url":"https://github.com/npm/ini"},{"name":"isomorphic-git","old_version":"1.37.5","new_version":"1.38.4","repository_url":"https://github.com/isomorphic-git/isomorphic-git"},{"name":"re2js","old_version":"1.4.0","new_version":"2.8.3","repository_url":"https://github.com/le0pard/re2js"},{"name":"web-tree-sitter","old_version":"0.26.8","new_version":"0.26.9","repository_url":"https://github.com/tree-sitter/tree-sitter"},{"name":"yaml","old_version":"2.8.3","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"zod","old_version":"4.3.6","new_version":"4.4.3","repository_url":"https://github.com/colinhacks/zod"},{"name":"@biomejs/biome","old_version":"2.4.12","new_version":"2.5.0","repository_url":"https://github.com/biomejs/biome"},{"name":"@types/node","old_version":"20.19.39","new_version":"25.9.3","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@vitest/coverage-v8","old_version":"4.1.4","new_version":"4.1.8","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"esbuild","old_version":"0.27.7","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"fast-check","old_version":"3.23.2","new_version":"4.8.0","repository_url":"https://github.com/dubzzz/fast-check"},{"name":"knip","old_version":"5.88.1","new_version":"6.16.1","repository_url":"https://github.com/webpro-nl/knip"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"},{"name":"vitest","old_version":"4.1.4","new_version":"4.1.8","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"node-liblzma","old_version":"2.2.0","new_version":"5.0.1","repository_url":"https://github.com/oorabona/node-liblzma"}],"path":null,"ecosystem":"npm"},"body":"Bumps the bash-dependencies group with 18 updates in the /packages/bash directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [diff](https://github.com/kpdecker/jsdiff) | `8.0.4` | `9.0.0` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.6.0` | `5.8.0` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.4` | `22.0.1` |\n| [ini](https://github.com/npm/ini) | `6.0.0` | `7.0.0` |\n| [isomorphic-git](https://github.com/isomorphic-git/isomorphic-git) | `1.37.5` | `1.38.4` |\n| [re2js](https://github.com/le0pard/re2js) | `1.4.0` | `2.8.3` |\n| [web-tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web) | `0.26.8` | `0.26.9` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` |\n| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |\n| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.12` | `2.5.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.39` | `25.9.3` |\n| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.4` | `4.1.8` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.27.7` | `0.28.1` |\n| [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) | `3.23.2` | `4.8.0` |\n| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `5.88.1` | `6.16.1` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.8` |\n| [node-liblzma](https://github.com/oorabona/node-liblzma) | `2.2.0` | `5.0.1` |\n\n\nUpdates `diff` from 8.0.4 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/8.0.4...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 5.6.0 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eupdate strnum, FXB. Use xml-naming for DOCTYPE\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is by deault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e*\u003cem\u003e5.9.0\u003c/em\u003e (not released yet)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eyou can set hex, binary, enotation, infinity, unicode\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003evalidate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library.\nUser can override rules by overriding EntityDecoder.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e*\u003cem\u003e5.8.0 / 2026-05-12\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is bydeault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/4bcee44a034ec99706b68b16e31f4072505b13e9\"\u003e\u003ccode\u003e4bcee44\u003c/code\u003e\u003c/a\u003e for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8a287bf2524f0a3a4c32be7edaedced3a9839ab8\"\u003e\u003ccode\u003e8a287bf\u003c/code\u003e\u003c/a\u003e release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/50b01dcacb8fe21f986a9e7b55800bd96401fe58\"\u003e\u003ccode\u003e50b01dc\u003c/code\u003e\u003c/a\u003e Use \u0026quot;\u003ccode\u003e@​byspec/xml\u003c/code\u003e\u0026quot; for testing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/816b652c83249edc1569c523f7bc3e13b3ef929c\"\u003e\u003ccode\u003e816b652\u003c/code\u003e\u003c/a\u003e update typings to mark validator use deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8ad0e650bcdb05001b533f27bc01f2e873d87cc5\"\u003e\u003ccode\u003e8ad0e65\u003c/code\u003e\u003c/a\u003e update fast-xml-builder and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/58e967ed7f8208e4896b607cf5a057a5659f97c6\"\u003e\u003ccode\u003e58e967e\u003c/code\u003e\u003c/a\u003e integrate xml-naming\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fa3c3af8e0d59e9fe213785a1b204b39338d2b\"\u003e\u003ccode\u003e42fa3c3\u003c/code\u003e\u003c/a\u003e separate XML validator, UPDATE DOCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.6.0...v5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.4 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ini` from 6.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/ini/releases\"\u003eini's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/ini/compare/v6.0.0...v7.0.0\"\u003e7.0.0\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003e⚠️ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eini\u003c/code\u003e now supports node \u003ccode\u003e^22.22.2 || ^24.15.0 || \u0026gt;=26.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003etemplate-oss-apply\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/55b6841261aad580ce979c1ada97885a0617b965\"\u003e\u003ccode\u003e55b6841\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e bump to new node engine range (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/2b11ba8283afa33211844be6fa29794970ccf7b7\"\u003e\u003ccode\u003e2b11ba8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/f6ed5bee3d7b1c175b687c703213217b23df9199\"\u003e\u003ccode\u003ef6ed5be\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/a2c835ec4690c5e67651a403d0f952aaff018f42\"\u003e\u003ccode\u003ea2c835e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/293\"\u003e#293\u003c/a\u003e bump \u003ccode\u003e@​npmcli/eslint-config\u003c/code\u003e from 5.1.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/293\"\u003e#293\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/3661dce193f03675ec6ddc0938e2483d0ab41f38\"\u003e\u003ccode\u003e3661dce\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/296\"\u003e#296\u003c/a\u003e bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.28.0 to 4.28.1 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/296\"\u003e#296\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/npm-cli-bot\"\u003e\u003ccode\u003e@​npm-cli-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/ini/blob/main/CHANGELOG.md\"\u003eini's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/ini/compare/v6.0.0...v7.0.0\"\u003e7.0.0\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003e⚠️ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eini\u003c/code\u003e now supports node \u003ccode\u003e^22.22.2 || ^24.15.0 || \u0026gt;=26.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003etemplate-oss-apply\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/55b6841261aad580ce979c1ada97885a0617b965\"\u003e\u003ccode\u003e55b6841\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e bump to new node engine range (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/2b11ba8283afa33211844be6fa29794970ccf7b7\"\u003e\u003ccode\u003e2b11ba8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/f6ed5bee3d7b1c175b687c703213217b23df9199\"\u003e\u003ccode\u003ef6ed5be\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/301\"\u003e#301\u003c/a\u003e template-oss-apply (\u003ca href=\"https://github.com/owlstronaut\"\u003e\u003ccode\u003e@​owlstronaut\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/a2c835ec4690c5e67651a403d0f952aaff018f42\"\u003e\u003ccode\u003ea2c835e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/293\"\u003e#293\u003c/a\u003e bump \u003ccode\u003e@​npmcli/eslint-config\u003c/code\u003e from 5.1.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/293\"\u003e#293\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/3661dce193f03675ec6ddc0938e2483d0ab41f38\"\u003e\u003ccode\u003e3661dce\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/ini/pull/296\"\u003e#296\u003c/a\u003e bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.28.0 to 4.28.1 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/296\"\u003e#296\u003c/a\u003e) (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/npm-cli-bot\"\u003e\u003ccode\u003e@​npm-cli-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/847941ced4fb8465f0ccb383fd8b15c7e5aa09fc\"\u003e\u003ccode\u003e847941c\u003c/code\u003e\u003c/a\u003e chore: release 7.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/f6ed5bee3d7b1c175b687c703213217b23df9199\"\u003e\u003ccode\u003ef6ed5be\u003c/code\u003e\u003c/a\u003e chore: template-oss-apply\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/55b6841261aad580ce979c1ada97885a0617b965\"\u003e\u003ccode\u003e55b6841\u003c/code\u003e\u003c/a\u003e feat!: bump to new node engine range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/2b11ba8283afa33211844be6fa29794970ccf7b7\"\u003e\u003ccode\u003e2b11ba8\u003c/code\u003e\u003c/a\u003e feat!: template-oss-apply\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/e8d16cbbbb91d503fe14163024bd2a01a0446d32\"\u003e\u003ccode\u003ee8d16cb\u003c/code\u003e\u003c/a\u003e deps \u0026amp; engine update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/3661dce193f03675ec6ddc0938e2483d0ab41f38\"\u003e\u003ccode\u003e3661dce\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.28.0 to 4.28.1 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/5d67f4b487a00aa3e2119776192030356e0161ba\"\u003e\u003ccode\u003e5d67f4b\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.27.1 to 4.28.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/ini/commit/a2c835ec4690c5e67651a403d0f952aaff018f42\"\u003e\u003ccode\u003ea2c835e\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/eslint-config\u003c/code\u003e from 5.1.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/npm/ini/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/npm/ini/compare/v6.0.0...v7.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `isomorphic-git` from 1.37.5 to 1.38.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/releases\"\u003eisomorphic-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.3...v1.38.4\"\u003e1.38.4\u003c/a\u003e (2026-06-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epass credential config username to auth callbacks (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2346\"\u003e#2346\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/d9920c57b254fc7de846c9b939cb5eb31242f1a2\"\u003ed9920c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.2...v1.38.3\"\u003e1.38.3\u003c/a\u003e (2026-05-26)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove internal error reporting guidance (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2345\"\u003e#2345\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/955acf37adb69e50b98e92addb468f241cfb62e7\"\u003e955acf3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.1...v1.38.2\"\u003e1.38.2\u003c/a\u003e (2026-05-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd bot authoring to release commit (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/328b1baba0e24c91143c6a26cf947c3e34d3752b\"\u003e328b1ba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Clever Cloud logo to Acknowledgments in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2334\"\u003e#2334\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/89f441dce81190037c919e5885db192b88b3072a\"\u003e89f441d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.38.0...v1.38.1\"\u003e1.38.1\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cloudflare logo (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2316\"\u003e#2316\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a71a835fc12eb5d42bb22f2c3afaa35ed03aaf74\"\u003ea71a835\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.37.9...v1.38.0\"\u003e1.38.0\u003c/a\u003e (2026-05-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix images in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2315\"\u003e#2315\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/007951fe698f6176a2730da82e342e82d86310c7\"\u003e007951f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd refresh option to status and statusMatrix (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2313\"\u003e#2313\u003c/a\u003e) (\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a7420b7d2c66cc15238db41a711ce8c8cd3b1b9e\"\u003ea7420b7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.37.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.37.8...v1.37.9\"\u003e1.37.9\u003c/a\u003e (2026-05-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/d9920c57b254fc7de846c9b939cb5eb31242f1a2\"\u003e\u003ccode\u003ed9920c5\u003c/code\u003e\u003c/a\u003e fix: pass credential config username to auth callbacks (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2346\"\u003e#2346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/955acf37adb69e50b98e92addb468f241cfb62e7\"\u003e\u003ccode\u003e955acf3\u003c/code\u003e\u003c/a\u003e fix: Improve internal error reporting guidance (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2345\"\u003e#2345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/89f441dce81190037c919e5885db192b88b3072a\"\u003e\u003ccode\u003e89f441d\u003c/code\u003e\u003c/a\u003e fix: add Clever Cloud logo to Acknowledgments in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2334\"\u003e#2334\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/328b1baba0e24c91143c6a26cf947c3e34d3752b\"\u003e\u003ccode\u003e328b1ba\u003c/code\u003e\u003c/a\u003e fix: add bot authoring to release commit (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2329\"\u003e#2329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a71a835fc12eb5d42bb22f2c3afaa35ed03aaf74\"\u003e\u003ccode\u003ea71a835\u003c/code\u003e\u003c/a\u003e fix: add cloudflare logo (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2316\"\u003e#2316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/a7420b7d2c66cc15238db41a711ce8c8cd3b1b9e\"\u003e\u003ccode\u003ea7420b7\u003c/code\u003e\u003c/a\u003e feat: add refresh option to status and statusMatrix (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2313\"\u003e#2313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/007951fe698f6176a2730da82e342e82d86310c7\"\u003e\u003ccode\u003e007951f\u003c/code\u003e\u003c/a\u003e fix: Fix images in README (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2315\"\u003e#2315\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/6e99054362a6ace80bbd3e78fe7eae10fbe86dcc\"\u003e\u003ccode\u003e6e99054\u003c/code\u003e\u003c/a\u003e fix: point \u0026quot;jsdelivr\u0026quot; field to minified browser build (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2312\"\u003e#2312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/6972b1ee4186199427be9230e6c49d99e8967433\"\u003e\u003ccode\u003e6972b1e\u003c/code\u003e\u003c/a\u003e fix: remove duplicated contriobutors (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/commit/199714a91c8fc3546d4abcb0591310acabcf08af\"\u003e\u003ccode\u003e199714a\u003c/code\u003e\u003c/a\u003e fix: browser entrypoint not being used in some non-node build contexts (\u003ca href=\"https://redirect.github.com/isomorphic-git/isomorphic-git/issues/2309\"\u003e#2309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isomorphic-git/isomorphic-git/compare/v1.37.5...v1.38.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `re2js` from 1.4.0 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/le0pard/re2js/releases\"\u003ere2js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport customization of memory limit for RE2Set by \u003ca href=\"https://github.com/le0pard\"\u003e\u003ccode\u003e@​le0pard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/le0pard/re2js/pull/44\"\u003ele0pard/re2js#44\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.8.2...2.8.3\"\u003ehttps://github.com/le0pard/re2js/compare/2.8.2...2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport more unicode categories, like \u003ccode\u003e\\p{Emoji}\u003c/code\u003e, \u003ccode\u003e\\p{Emoji_Component}\u003c/code\u003e, \u003ccode\u003e\\p{Emoji_Modifier}\u003c/code\u003e, \u003ccode\u003e\\p{ASCII_Hex_Digit}\u003c/code\u003e, etc\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.8.1...2.8.2\"\u003ehttps://github.com/le0pard/re2js/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to rolldown\u003c/li\u003e\n\u003cli\u003eFix typescript types for more methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.8.0...2.8.1\"\u003ehttps://github.com/le0pard/re2js/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ereplaceAll()\u003c/code\u003e and \u003ccode\u003ereplaceFirst()\u003c/code\u003e now support \u003ccode\u003ereplacement\u003c/code\u003e as function (additional to string type). \u003ca href=\"https://github.com/le0pard/re2js#using-a-replacer-function\"\u003eMore info\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.7.1...2.8.0\"\u003ehttps://github.com/le0pard/re2js/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize per-byte spawning loop for \u003ccode\u003eLOOKBEHINDS\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.7.0...2.7.1\"\u003ehttps://github.com/le0pard/re2js/compare/2.7.0...2.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eInst.arg\u003c/code\u003e memory optimization\u003c/li\u003e\n\u003cli\u003eAST SyntaxError validation for \u003ccode\u003eLOOKBEHINDS\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.6.1...2.7.0\"\u003ehttps://github.com/le0pard/re2js/compare/2.6.1...2.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix desync bug in \u003ccode\u003ematchAll\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/le0pard/re2js/compare/2.6.0...2.6.1\"\u003ehttps://github.com/le0pard/re2js/compare/2.6.0...2.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ematchAll\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eMigrate to vitest by \u003ca href=\"https://github.com/le0pard\"\u003e\u003ccode\u003e@​le0pard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/le0pard/re2js/pull/42\"\u003ele0pard/re2js#42\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/le0pard/re2js/commits/2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `web-tree-sitter` from 0.26.8 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter/releases\"\u003eweb-tree-sitter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.26.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(actions): bump actions/cache to v5 by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5482\"\u003etree-sitter/tree-sitter#5482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump wasmtime-c-api to v36.0.7 by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5514\"\u003etree-sitter/tree-sitter#5514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(loader): allow filenames with dots by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5538\"\u003etree-sitter/tree-sitter#5538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(rust): fix new clippy lints by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5539\"\u003etree-sitter/tree-sitter#5539\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: bump c test fixture to v0.24.2 by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5542\"\u003etree-sitter/tree-sitter#5542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(generate): pass default optimization level in \u003ccode\u003egenerate_parser_for_grammar\u003c/code\u003e by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5543\"\u003etree-sitter/tree-sitter#5543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(dist): enable install via \u003ccode\u003ecargo binstall\u003c/code\u003e (\u003ca href=\"https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web/issues/5533\"\u003e#5533\u003c/a\u003e) by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5544\"\u003etree-sitter/tree-sitter#5544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent a buffer over-read when parsing 4-byte UTF-16 characters. by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5549\"\u003etree-sitter/tree-sitter#5549\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(query): overflow in capture pool ids + some perf by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5555\"\u003etree-sitter/tree-sitter#5555\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: note zero point unbounded behavior in query functions by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5563\"\u003etree-sitter/tree-sitter#5563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump wasmtime-c-api to v36.0.8 by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5574\"\u003etree-sitter/tree-sitter#5574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cli): account for process versions \u0026gt; 5 in the parse command's pretty debug output. by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5577\"\u003etree-sitter/tree-sitter#5577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(generate): improve error message for nonterminals used in immediate token rule by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5583\"\u003etree-sitter/tree-sitter#5583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(generate): rewrite \u003ccode\u003eparse_grammar\u003c/code\u003e with forward DFS by \u003ca href=\"https://github.com/WillLillis\"\u003e\u003ccode\u003e@​WillLillis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5584\"\u003etree-sitter/tree-sitter#5584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(wasm): load supertype tables for ABI 15 grammars by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5606\"\u003etree-sitter/tree-sitter#5606\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump wasmtime-c-api to v36.0.9 by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5611\"\u003etree-sitter/tree-sitter#5611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Wasm language memory reads by \u003ca href=\"https://github.com/tree-sitter-ci-bot\"\u003e\u003ccode\u003e@​tree-sitter-ci-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5613\"\u003etree-sitter/tree-sitter#5613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease v0.26.9 by \u003ca href=\"https://github.com/clason\"\u003e\u003ccode\u003e@​clason\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tree-sitter/tree-sitter/pull/5612\"\u003etree-sitter/tree-sitter#5612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tree-sitter/tree-sitter/compare/v0.26.8...v0.26.9\"\u003ehttps://github.com/tree-sitter/tree-sitter/compare/v0.26.8...v0.26.9\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter/commit/7f534862c3ec939c3a6ee147f7600ef5c1bf900f\"\u003e\u003ccode\u003e7f53486\u003c/code\u003e\u003c/a\u003e release v0.26.9\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tree-sitter/tree-sitter/commits/v0.26.9/lib/binding_web\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.3 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.3...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zod` from 4.3.6 to 4.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/colinhacks/zod/releases\"\u003ezod's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003e2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003eb8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5941\"\u003e#5941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3\u003c/li\u003e\n\u003cli\u003e1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5901\"\u003e#5901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps\u003c/li\u003e\n\u003cli\u003e6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5791\"\u003e#5791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing\u003c/li\u003e\n\u003cli\u003ebbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents\u003c/li\u003e\n\u003cli\u003ecf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint\u003c/li\u003e\n\u003cli\u003e292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor\u003c/li\u003e\n\u003cli\u003e1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion\u003c/li\u003e\n\u003cli\u003e1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance\u003c/li\u003e\n\u003cli\u003ee20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes\u003c/li\u003e\n\u003cli\u003ee58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights\u003c/li\u003e\n\u003cli\u003e905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing\u003c/li\u003e\n\u003cli\u003ebf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md\u003c/li\u003e\n\u003cli\u003e8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch\u003c/li\u003e\n\u003cli\u003e02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5929\"\u003e#5929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated \u003ccode\u003ebaseUrl\u003c/code\u003e from tsconfig\u003c/li\u003e\n\u003cli\u003ec59d4474e3b4cad1b323462186cf607178ce8267 4.4.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow\u003c/li\u003e\n\u003cli\u003e95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations\u003c/li\u003e\n\u003cli\u003ecede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eedd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1\u003c/li\u003e\n\u003cli\u003e180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003e4.4.0\u003c/h2\u003e\n\u003cp\u003eThis is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.\u003c/p\u003e\n\u003ch2\u003ePotentially breaking bug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca\"\u003e\u003ccode\u003e1fb56a5\u003c/code\u003e\u003c/a\u003e docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559\"\u003e\u003ccode\u003ef3c9ec0\u003c/code\u003e\u003c/a\u003e 4.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8\"\u003e\u003ccode\u003ec2be4f8\u003c/code\u003e\u003c/a\u003e fix(v4): generalize optin/fallback to transform; restore preprocess on absent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168\"\u003e\u003ccode\u003e1cab693\u003c/code\u003e\u003c/a\u003e fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4\"\u003e\u003ccode\u003eb8dffe9\u003c/code\u003e\u003c/a\u003e docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170\"\u003e\u003ccode\u003e9195250\u003c/code\u003e\u003c/a\u003e docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f\"\u003e\u003ccode\u003e2c70332\u003c/code\u003e\u003c/a\u003e docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0\"\u003e\u003ccode\u003e7391be8\u003c/code\u003e\u003c/a\u003e docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2\"\u003e\u003ccode\u003e2aeec83\u003c/code\u003e\u003c/a\u003e docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9\"\u003e\u003ccode\u003e4c2fa95\u003c/code\u003e\u003c/a\u003e docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/colinhacks/zod/compare/v4.3.6...v4.4.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for zod since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@biomejs/biome` from 2.4.12 to 2.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/releases\"\u003e@​biomejs/biome's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBiome CLI v2.5.0\u003c/h2\u003e\n\u003ch2\u003e2.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9539\"\u003e#9539\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/f0615fdae80fa7257fc1d0448d2027cb1acff46e\"\u003e\u003ccode\u003ef0615fd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added a new reporter called \u003ccode\u003econcise\u003c/code\u003e. When \u003ccode\u003e--reporter=concise\u003c/code\u003e is passed the commands \u003ccode\u003eformat\u003c/code\u003e, \u003ccode\u003elint\u003c/code\u003e, \u003ccode\u003echeck\u003c/code\u003e and \u003ccode\u003eci\u003c/code\u003e, the diagnostics are printed in a compact manner:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.\n! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.\n× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.\n× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9495\"\u003e#9495\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/2056b23812a17f9c9a9015e5b725faecb04647b5\"\u003e\u003ccode\u003e2056b23\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/aviraldua93\"\u003e\u003ccode\u003e@​aviraldua93\u003c/code\u003e\u003c/a\u003e! - Added the \u003ca href=\"https://biomejs.dev/linter/rules/use-key-with-click-events/\"\u003e\u003ccode\u003euseKeyWithClickEvents\u003c/code\u003e\u003c/a\u003e a11y lint rule for HTML files (\u003ccode\u003e.html\u003c/code\u003e, \u003ccode\u003e.vue\u003c/code\u003e, \u003ccode\u003e.svelte\u003c/code\u003e, \u003ccode\u003e.astro\u003c/code\u003e). This is a port of the existing JSX rule. The rule enforces that elements with an \u003ccode\u003eonclick\u003c/code\u003e handler also have at least one keyboard event handler (\u003ccode\u003eonkeydown\u003c/code\u003e, \u003ccode\u003eonkeyup\u003c/code\u003e, or \u003ccode\u003eonkeypress\u003c/code\u003e) to ensure keyboard accessibility.\u003c/p\u003e\n\u003cp\u003eInherently keyboard-accessible elements (\u003ccode\u003e\u0026lt;a\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;button\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;input\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;select\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;textarea\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;option\u0026gt;\u003c/code\u003e) are excluded, as are elements hidden from assistive technologies (\u003ccode\u003earia-hidden\u003c/code\u003e) or with \u003ccode\u003erole=\u0026quot;presentation\u0026quot;\u003c/code\u003e / \u003ccode\u003erole=\u0026quot;none\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Invalid: no keyboard handler --\u0026gt;\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\n\u003cp\u003e\u0026lt;!-- Valid: has keyboard handler --\u0026gt;\u003cbr /\u003e\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot; onkeydown=\u0026quot;handleKeyDown()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Valid: inherently keyboard-accessible --\u0026gt;\u003cbr /\u003e\n\u0026lt;button onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Submit\u0026lt;/button\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-undeclared-classes/\"\u003e\u003ccode\u003enoUndeclaredClasses\u003c/code\u003e\u003c/a\u003e for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in \u003ccode\u003eclass=\u0026quot;...\u0026quot;\u003c/code\u003e (or \u003ccode\u003eclassName\u003c/code\u003e) attributes that are not defined in any \u003ccode\u003e\u0026lt;style\u0026gt;\u003c/code\u003e block or linked stylesheet reachable from the file.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- .typo is used but never defined --\u0026gt;\n\u0026lt;html\u0026gt;\n  \u0026lt;head\u0026gt;\n    \u0026lt;style\u0026gt;\n      .button {\n        color: blue;\n      }\n    \u0026lt;/style\u0026gt;\n  \u0026lt;/head\u0026gt;\n  \u0026lt;body\u0026gt;\n    \u0026lt;div class=\u0026quot;button typo\u0026quot;\u0026gt;\u0026lt;/div\u0026gt;\n  \u0026lt;/body\u0026gt;\n\u0026lt;/html\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-unused-classes/\"\u003e\u003ccode\u003enoUnusedClasses\u003c/code\u003e\u003c/a\u003e for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md\"\u003e@​biomejs/biome's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9539\"\u003e#9539\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/f0615fdae80fa7257fc1d0448d2027cb1acff46e\"\u003e\u003ccode\u003ef0615fd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added a new reporter called \u003ccode\u003econcise\u003c/code\u003e. When \u003ccode\u003e--reporter=concise\u003c/code\u003e is passed the commands \u003ccode\u003eformat\u003c/code\u003e, \u003ccode\u003elint\u003c/code\u003e, \u003ccode\u003echeck\u003c/code\u003e and \u003ccode\u003eci\u003c/code\u003e, the diagnostics are printed in a compact manner:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.\n! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.\n× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.\n× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9495\"\u003e#9495\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/2056b23812a17f9c9a9015e5b725faecb04647b5\"\u003e\u003ccode\u003e2056b23\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/aviraldua93\"\u003e\u003ccode\u003e@​aviraldua93\u003c/code\u003e\u003c/a\u003e! - Added the \u003ca href=\"https://biomejs.dev/linter/rules/use-key-with-click-events/\"\u003e\u003ccode\u003euseKeyWithClickEvents\u003c/code\u003e\u003c/a\u003e a11y lint rule for HTML files (\u003ccode\u003e.html\u003c/code\u003e, \u003ccode\u003e.vue\u003c/code\u003e, \u003ccode\u003e.svelte\u003c/code\u003e, \u003ccode\u003e.astro\u003c/code\u003e). This is a port of the existing JSX rule. The rule enforces that elements with an \u003ccode\u003eonclick\u003c/code\u003e handler also have at least one keyboard event handler (\u003ccode\u003eonkeydown\u003c/code\u003e, \u003ccode\u003eonkeyup\u003c/code\u003e, or \u003ccode\u003eonkeypress\u003c/code\u003e) to ensure keyboard accessibility.\u003c/p\u003e\n\u003cp\u003eInherently keyboard-accessible elements (\u003ccode\u003e\u0026lt;a\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;button\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;input\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;select\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;textarea\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;option\u0026gt;\u003c/code\u003e) are excluded, as are elements hidden from assistive technologies (\u003ccode\u003earia-hidden\u003c/code\u003e) or with \u003ccode\u003erole=\u0026quot;presentation\u0026quot;\u003c/code\u003e / \u003ccode\u003erole=\u0026quot;none\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Invalid: no keyboard handler --\u0026gt;\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\n\u003cp\u003e\u0026lt;!-- Valid: has keyboard handler --\u0026gt;\u003cbr /\u003e\n\u0026lt;div onclick=\u0026quot;handleClick()\u0026quot; onkeydown=\u0026quot;handleKeyDown()\u0026quot;\u0026gt;Click me\u0026lt;/div\u0026gt;\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Valid: inherently keyboard-accessible --\u0026gt;\u003cbr /\u003e\n\u0026lt;button onclick=\u0026quot;handleClick()\u0026quot;\u0026gt;Submit\u0026lt;/button\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-undeclared-classes/\"\u003e\u003ccode\u003enoUndeclaredClasses\u003c/code\u003e\u003c/a\u003e for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in \u003ccode\u003eclass=\u0026quot;...\u0026quot;\u003c/code\u003e (or \u003ccode\u003eclassName\u003c/code\u003e) attributes that are not defined in any \u003ccode\u003e\u0026lt;style\u0026gt;\u003c/code\u003e block or linked stylesheet reachable from the file.\u003c/p\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- .typo is used but never defined --\u0026gt;\n\u0026lt;html\u0026gt;\n  \u0026lt;head\u0026gt;\n    \u0026lt;style\u0026gt;\n      .button {\n        color: blue;\n      }\n    \u0026lt;/style\u0026gt;\n  \u0026lt;/head\u0026gt;\n  \u0026lt;body\u0026gt;\n    \u0026lt;div class=\u0026quot;button typo\u0026quot;\u0026gt;\u0026lt;/div\u0026gt;\n  \u0026lt;/body\u0026gt;\n\u0026lt;/html\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9152\"\u003e#9152\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/9ec8500dabc7305cbe04ecf27a84a1450f012c0b\"\u003e\u003ccode\u003e9ec8500\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Added new nursery lint rule \u003ca href=\"https://biomejs.dev/linter/rules/no-unused-classes/\"\u003e\u003ccode\u003enoUnusedClasses\u003c/code\u003e\u003c/a\u003e for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* styles.css — .ghost is never used in any importing file */\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/c0b98327a3b14e44d8fbd9a11481bf56c505b8ed\"\u003e\u003ccode\u003ec0b9832\u003c/code\u003e\u003c/a\u003e ci: release (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10499\"\u003e#10499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/995c1ffeca039787c93370fed8b970a057e9c073\"\u003e\u003ccode\u003e995c1ff\u003c/code\u003e\u003c/a\u003e feat(lint): add useFunctionComponentDefinition rule (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10498\"\u003e#10498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/311c2b28d2617a66e710ca3391f42ce62c4abfe1\"\u003e\u003ccode\u003e311c2b2\u003c/code\u003e\u003c/a\u003e fix(biome_configuration): avoid Markdown links in JSON schema descriptions (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/04c3f19b9c28f39d27412006fdf916a352ab8def\"\u003e\u003ccode\u003e04c3f19\u003c/code\u003e\u003c/a\u003e fix: docs and readme (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10584\"\u003e#10584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/961f41c9646166ce017014b0c5bc2492d13a0919\"\u003e\u003ccode\u003e961f41c\u003c/code\u003e\u003c/a\u003e refactor(useExportType): improve docs and code (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10569\"\u003e#10569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/78075b7c7cb7490c730a96f4ee9776c9e77826e7\"\u003e\u003ccode\u003e78075b7\u003c/code\u003e\u003c/a\u003e feat(useExportType): add style option (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10561\"\u003e#10561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/66428957e6ca393a802f365b8e643438f19a3039\"\u003e\u003ccode\u003e6642895\u003c/code\u003e\u003c/a\u003e feat: rule promotion for v2.5 (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10562\"\u003e#10562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/9a5855e4191c98149f8278289569b2272b992684\"\u003e\u003ccode\u003e9a5855e\u003c/code\u003e\u003c/a\u003e feat: noRestrictedDependencies (\u003ca href=\"https://githu...\n\n_Description has been truncated_","html_url":"https://github.com/sairam0424/ag-bash/pull/89","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sairam0424%2Fag-bash/issues/89","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/89/packages"}},{"old_version":"21.3.0","new_version":"21.3.2","update_type":"patch","path":null,"pr_created_at":"2026-06-08T17:04:06.000Z","version_change":"21.3.0 → 21.3.2","issue":{"uuid":"4614935741","node_id":"PR_kwDORPe1087kAhiM","number":11,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T00:27:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-08T17:04:06.000Z","updated_at":"2026-06-09T00:27:59.000Z","time_to_close":26631,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"ws","old_version":"8.19.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"vitest","old_version":"4.0.18","new_version":"4.1.0","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"dompurify","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"music-metadata","old_version":"11.12.1","new_version":"11.12.3","repository_url":"https://github.com/Borewit/music-metadata"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [music-metadata](https://github.com/Borewit/music-metadata) | `11.12.1` | `11.12.3` |\n\nBumps the npm_and_yarn group with 3 updates in the /ui directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest), [dompurify](https://github.com/cure53/DOMPurify) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.19.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.19.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 4.0.18 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eVitest 4.1 is out!\u003c/p\u003e\n\u003cp\u003eThis release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our \u003ca href=\"https://vitest.dev/blog/vitest-4-1\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn a disposable from doMock()  -  by \u003ca href=\"https://github.com/kirkwaiblinger\"\u003e\u003ccode\u003e@​kirkwaiblinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9332\"\u003evitest-dev/vitest#9332\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e3e659a96\"\u003e\u003c!-- raw HTML omitted --\u003e(e3e65)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded chai style assertions  -  by \u003ca href=\"https://github.com/ronnakamoto\"\u003e\u003ccode\u003e@​ronnakamoto\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8842\"\u003evitest-dev/vitest#8842\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/841df9ac5\"\u003e\u003c!-- raw HTML omitted --\u003e(841df)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to sinon/fake-timers v15 and add \u003ccode\u003esetTickMode\u003c/code\u003e to timer controls  -  by \u003ca href=\"https://github.com/atscott\"\u003e\u003ccode\u003e@​atscott\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8726\"\u003evitest-dev/vitest#8726\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4b480aaed\"\u003e\u003c!-- raw HTML omitted --\u003e(4b480)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose matcher types  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9448\"\u003evitest-dev/vitest#9448\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e4b913b1\"\u003e\u003c!-- raw HTML omitted --\u003e(3e4b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etoTestSpecification\u003c/code\u003e to reported tasks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9464\"\u003evitest-dev/vitest#9464\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1a4705da9\"\u003e\u003c!-- raw HTML omitted --\u003e(1a470)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow a warning if \u003ccode\u003evi.mock\u003c/code\u003e or \u003ccode\u003evi.hoisted\u003c/code\u003e are declared outside of top level of the module  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9387\"\u003evitest-dev/vitest#9387\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5db54a468\"\u003e\u003c!-- raw HTML omitted --\u003e(5db54)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTrack and display expectedly failed tests (.fails) in UI and CLI  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9476\"\u003evitest-dev/vitest#9476\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/77d75fd34\"\u003e\u003c!-- raw HTML omitted --\u003e(77d75)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport tags  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9478\"\u003evitest-dev/vitest#9478\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/de7c8a521\"\u003e\u003c!-- raw HTML omitted --\u003e(de7c8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earoundEach\u003c/code\u003e and \u003ccode\u003earoundAll\u003c/code\u003e hooks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9450\"\u003evitest-dev/vitest#9450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2a8cb9dc2\"\u003e\u003c!-- raw HTML omitted --\u003e(2a8cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStabilize experimental features  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9529\"\u003evitest-dev/vitest#9529\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b5fd2a16a\"\u003e\u003c!-- raw HTML omitted --\u003e(b5fd2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003enew\u003c/code\u003e or \u003ccode\u003eall\u003c/code\u003e in \u003ccode\u003e--update\u003c/code\u003e flag  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9543\"\u003evitest-dev/vitest#9543\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a5acf28a5\"\u003e\u003c!-- raw HTML omitted --\u003e(a5acf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003emeta\u003c/code\u003e in test options  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9535\"\u003evitest-dev/vitest#9535\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7d622e3d1\"\u003e\u003c!-- raw HTML omitted --\u003e(7d622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport type inference with a new \u003ccode\u003etest.extend\u003c/code\u003e syntax  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9550\"\u003evitest-dev/vitest#9550\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e53854fcc\"\u003e\u003c!-- raw HTML omitted --\u003e(e5385)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport vite 8 beta, fix type issues in the config with different vite versions  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9587\"\u003evitest-dev/vitest#9587\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/990281dfd\"\u003e\u003c!-- raw HTML omitted --\u003e(99028)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assertion helper to hide internal stack traces  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9594\"\u003evitest-dev/vitest#9594\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/eeb0ae2f8\"\u003e\u003c!-- raw HTML omitted --\u003e(eeb0a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStore failure screenshots using artifacts API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9588\"\u003evitest-dev/vitest#9588\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/24603e3c4\"\u003e\u003c!-- raw HTML omitted --\u003e(24603)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003evitest list\u003c/code\u003e to statically collect tests instead of running files to collect them  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9630\"\u003evitest-dev/vitest#9630\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7a8e7fc20\"\u003e\u003c!-- raw HTML omitted --\u003e(7a8e7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--detect-async-leaks\u003c/code\u003e  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9528\"\u003evitest-dev/vitest#9528\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c594d4af3\"\u003e\u003c!-- raw HTML omitted --\u003e(c594d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003emockThrow\u003c/code\u003e and \u003ccode\u003emockThrowOnce\u003c/code\u003e  -  by \u003ca href=\"https://github.com/thor-juhasz\"\u003e\u003ccode\u003e@​thor-juhasz\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9512\"\u003evitest-dev/vitest#9512\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/619179fb7\"\u003e\u003c!-- raw HTML omitted --\u003e(61917)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eupdate: \u0026quot;none\u0026quot;\u003c/code\u003e and add docs about snapshots behavior on CI  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9700\"\u003evitest-dev/vitest#9700\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/05f1854e2\"\u003e\u003c!-- raw HTML omitted --\u003e(05f18)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright \u003ccode\u003elaunchOptions\u003c/code\u003e with \u003ccode\u003econnectOptions\u003c/code\u003e  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9702\"\u003evitest-dev/vitest#9702\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f0ff1b2a0\"\u003e\u003c!-- raw HTML omitted --\u003e(f0ff1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003epage/locator.mark\u003c/code\u003e API to enhance playwright trace  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9652\"\u003evitest-dev/vitest#9652\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d0ee546fe\"\u003e\u003c!-- raw HTML omitted --\u003e(d0ee5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport tests starting or ending with \u003ccode\u003etest\u003c/code\u003e in \u003ccode\u003eexperimental_parseSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/jgillick\"\u003e\u003ccode\u003e@​jgillick\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eJeremy Gillick\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9235\"\u003evitest-dev/vitest#9235\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2f367fad3\"\u003e\u003c!-- raw HTML omitted --\u003e(2f367)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd filters to \u003ccode\u003ecreateSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9336\"\u003evitest-dev/vitest#9336\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8e6c7fbf\"\u003e\u003c!-- raw HTML omitted --\u003e(c8e6c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003erunTestFiles\u003c/code\u003e as alternative to \u003ccode\u003erunTestSpecifications\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9443\"\u003evitest-dev/vitest#9443\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/43d761821\"\u003e\u003c!-- raw HTML omitted --\u003e(43d76)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9350\"\u003evitest-dev/vitest#9350\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/20e00ef78\"\u003e\u003c!-- raw HTML omitted --\u003e(20e00)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow passing down test cases to \u003ccode\u003etoTestSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9627\"\u003evitest-dev/vitest#9627\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6f17d5ddf\"\u003e\u003c!-- raw HTML omitted --\u003e(6f17d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003euserEvent.wheel\u003c/code\u003e API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9188\"\u003evitest-dev/vitest#9188\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/660801979\"\u003e\u003c!-- raw HTML omitted --\u003e(66080)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efilterNode\u003c/code\u003e option to prettyDOM for filtering browser assertion error output  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9475\"\u003evitest-dev/vitest#9475\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d3220fcd8\"\u003e\u003c!-- raw HTML omitted --\u003e(d3220)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright persistent context  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9229\"\u003evitest-dev/vitest#9229\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f865d2ba4\"\u003e\u003c!-- raw HTML omitted --\u003e(f865d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edetailsPanelPosition\u003c/code\u003e option and button  -  by \u003ca href=\"https://github.com/shairez\"\u003e\u003ccode\u003e@​shairez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9525\"\u003evitest-dev/vitest#9525\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8a31147c\"\u003e\u003c!-- raw HTML omitted --\u003e(c8a31)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse BlazeDiff instead of pixelmatch  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9514\"\u003evitest-dev/vitest#9514\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/309362089\"\u003e\u003c!-- raw HTML omitted --\u003e(30936)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efindElement\u003c/code\u003e and enable strict mode in webdriverio and preview  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9677\"\u003evitest-dev/vitest#9677\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3f37721c\"\u003e\u003c!-- raw HTML omitted --\u003e(c3f37)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/bomb\"\u003e\u003ccode\u003e@​bomb\u003c/code\u003e\u003c/a\u003e.sh/tab completions  -  by \u003ca href=\"https://github.com/AmirSa12\"\u003e\u003ccode\u003e@​AmirSa12\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8639\"\u003evitest-dev/vitest#8639\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/200f31704\"\u003e\u003c!-- raw HTML omitted --\u003e(200f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003eignore start/stop\u003c/code\u003e ignore hints  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9204\"\u003evitest-dev/vitest#9204\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e59c94ba6\"\u003e\u003c!-- raw HTML omitted --\u003e(e59c9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecoverage.changed\u003c/code\u003e option to report only changed files  -  by \u003ca href=\"https://github.com/kykim00\"\u003e\u003ccode\u003e@​kykim00\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9521\"\u003evitest-dev/vitest#9521\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1d9392c67\"\u003e\u003c!-- raw HTML omitted --\u003e(1d939)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eexperimental\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonModuleRunner\u003c/code\u003e hook to \u003ccode\u003eworker.init\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9286\"\u003evitest-dev/vitest#9286\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e977f3deb\"\u003e\u003c!-- raw HTML omitted --\u003e(e977f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOption to disable the module runner  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9210\"\u003evitest-dev/vitest#9210\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9be6121ee\"\u003e\u003c!-- raw HTML omitted --\u003e(9be61)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/4150b913171bda3971a4a4c47c633c26d0c6ae45\"\u003e\u003ccode\u003e4150b91\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/1de0aa22dd6311a93546a75a3c58a6be519c1baf\"\u003e\u003ccode\u003e1de0aa2\u003c/code\u003e\u003c/a\u003e fix: correctly identify concurrent test during static analysis (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9846\"\u003e#9846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3cac1c1b5a91d921942e9391fbd94841717363f\"\u003e\u003ccode\u003ec3cac1c\u003c/code\u003e\u003c/a\u003e fix: use isAgent check, not just TTY, for watch mode (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9841\"\u003e#9841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/eab68ba2b8ea6f89717c0b885c573579659d7c3b\"\u003e\u003ccode\u003eeab68ba\u003c/code\u003e\u003c/a\u003e chore(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9824\"\u003e#9824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/031f02a89be34491c441b4da9c4e2bacb7db71df\"\u003e\u003ccode\u003e031f02a\u003c/code\u003e\u003c/a\u003e fix: allow catch/finally for async assertion (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9827\"\u003e#9827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e9e096a231fa0ec6475da82e36cbd6fcc9bc8f9\"\u003e\u003ccode\u003e3e9e096\u003c/code\u003e\u003c/a\u003e feat(reporters): add \u003ccode\u003eagent\u003c/code\u003e reporter to reduce ai agent token usage (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9779\"\u003e#9779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/0c2c01361a95dd26d0d7fd7bc38bcca8dbc6e5d2\"\u003e\u003ccode\u003e0c2c013\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0-beta.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/8181e06e765f4d043818b244c76795022fa78ff6\"\u003e\u003ccode\u003e8181e06\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003ehideSkippedTests\u003c/code\u003e should not hide \u003ccode\u003etest.todo\u003c/code\u003e (fix \u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9562\"\u003e#9562\u003c/a\u003e) (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9781\"\u003e#9781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a8216b0014b83612e40ef49f919d5293b68717b3\"\u003e\u003ccode\u003ea8216b0\u003c/code\u003e\u003c/a\u003e fix: manual and redirect mock shouldn't \u003ccode\u003eload\u003c/code\u003e or \u003ccode\u003etransform\u003c/code\u003e original module...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/689a22a1b8c79595f6f4ae82d2b43c895d7f1c50\"\u003e\u003ccode\u003e689a22a\u003c/code\u003e\u003c/a\u003e fix(browser): types of \u003ccode\u003egetCDPSession\u003c/code\u003e and \u003ccode\u003ecdp()\u003c/code\u003e (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9716\"\u003e#9716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.12.1 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.12.1...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.212.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.212.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 6.8.8 to 7.5.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1af8454538b63d58b822ea9d20b935f2ac9f158c\"\u003e1af8454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/785416fd2b9827e4cb9bfccd823c3b6836baffb0\"\u003e785416f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a9ffc8a7b593209642fc9d89e884ac6c4e746494\"\u003ea9ffc8a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution and tests (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/68b5339ea1936c90f526983da29b4267d20f9a51\"\u003e68b5339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution for protobuf editions (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/547afa26f76e22e5463a17aec082b0b60cd951d8\"\u003e547afa2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e\u003ccode\u003e6406d4c\u003c/code\u003e\u003c/a\u003e fix: optimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e\u003ccode\u003e56782bf\u003c/code\u003e\u003c/a\u003e fix: reserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1dbcfe322899aca50fb82916db7802f647f23f0e\"\u003e\u003ccode\u003e1dbcfe3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2035\"\u003e#2035\u003c/a\u003e from protobufjs/release-please--branches--master\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/6.8.8...protobufjs-v7.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 4.0.18 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eVitest 4.1 is out!\u003c/p\u003e\n\u003cp\u003eThis release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our \u003ca href=\"https://vitest.dev/blog/vitest-4-1\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn a disposable from doMock()  -  by \u003ca href=\"https://github.com/kirkwaiblinger\"\u003e\u003ccode\u003e@​kirkwaiblinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9332\"\u003evitest-dev/vitest#9332\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e3e659a96\"\u003e\u003c!-- raw HTML omitted --\u003e(e3e65)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded chai style assertions  -  by \u003ca href=\"https://github.com/ronnakamoto\"\u003e\u003ccode\u003e@​ronnakamoto\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8842\"\u003evitest-dev/vitest#8842\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/841df9ac5\"\u003e\u003c!-- raw HTML omitted --\u003e(841df)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to sinon/fake-timers v15 and add \u003ccode\u003esetTickMode\u003c/code\u003e to timer controls  -  by \u003ca href=\"https://github.com/atscott\"\u003e\u003ccode\u003e@​atscott\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8726\"\u003evitest-dev/vitest#8726\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4b480aaed\"\u003e\u003c!-- raw HTML omitted --\u003e(4b480)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose matcher types  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9448\"\u003evitest-dev/vitest#9448\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e4b913b1\"\u003e\u003c!-- raw HTML omitted --\u003e(3e4b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etoTestSpecification\u003c/code\u003e to reported tasks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9464\"\u003evitest-dev/vitest#9464\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1a4705da9\"\u003e\u003c!-- raw HTML omitted --\u003e(1a470)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow a warning if \u003ccode\u003evi.mock\u003c/code\u003e or \u003ccode\u003evi.hoisted\u003c/code\u003e are declared outside of top level of the module  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9387\"\u003evitest-dev/vitest#9387\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5db54a468\"\u003e\u003c!-- raw HTML omitted --\u003e(5db54)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTrack and display expectedly failed tests (.fails) in UI and CLI  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9476\"\u003evitest-dev/vitest#9476\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/77d75fd34\"\u003e\u003c!-- raw HTML omitted --\u003e(77d75)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport tags  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9478\"\u003evitest-dev/vitest#9478\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/de7c8a521\"\u003e\u003c!-- raw HTML omitted --\u003e(de7c8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earoundEach\u003c/code\u003e and \u003ccode\u003earoundAll\u003c/code\u003e hooks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9450\"\u003evitest-dev/vitest#9450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2a8cb9dc2\"\u003e\u003c!-- raw HTML omitted --\u003e(2a8cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStabilize experimental features  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9529\"\u003evitest-dev/vitest#9529\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b5fd2a16a\"\u003e\u003c!-- raw HTML omitted --\u003e(b5fd2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003enew\u003c/code\u003e or \u003ccode\u003eall\u003c/code\u003e in \u003ccode\u003e--update\u003c/code\u003e flag  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9543\"\u003evitest-dev/vitest#9543\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a5acf28a5\"\u003e\u003c!-- raw HTML omitted --\u003e(a5acf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eS...\n\n_Description has been truncated_","html_url":"https://github.com/Mushy-Snugglebites-badonkadonk/openclaw/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mushy-Snugglebites-badonkadonk%2Fopenclaw/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"16.5.4","new_version":"22.0.1","update_type":"major","path":null,"pr_created_at":"2026-06-08T11:15:43.000Z","version_change":"16.5.4 → 22.0.1","issue":{"uuid":"4612393802","node_id":"PR_kwDOSRFYos7j4Fx2","number":37,"state":"closed","title":"deps(deps): bump the major group with 56 updates","user":"dependabot[bot]","labels":["invalid","dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-08T11:16:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-08T11:15:43.000Z","updated_at":"2026-06-08T11:16:09.000Z","time_to_close":17,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): bump","group_name":"major","update_count":56,"packages":[{"name":"body-parser","old_version":"1.20.5","new_version":"2.2.2","repository_url":"https://github.com/expressjs/body-parser"},{"name":"check-dependencies","old_version":"1.1.1","new_version":"2.0.0","repository_url":"https://github.com/mgol/check-dependencies"},{"name":"config","old_version":"3.3.12","new_version":"4.4.1","repository_url":"https://github.com/node-config/node-config"},{"name":"express","old_version":"4.22.2","new_version":"5.2.1","repository_url":"https://github.com/expressjs/express"},{"name":"express-jwt","old_version":"0.1.3","new_version":"8.5.1","repository_url":"https://github.com/auth0/express-jwt"},{"name":"express-rate-limit","old_version":"7.5.1","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"express-robots-txt","old_version":"0.5.0","new_version":"1.0.0","repository_url":"https://github.com/modosc/express-robots-txt"},{"name":"file-type","old_version":"16.5.4","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"fs-extra","old_version":"9.1.0","new_version":"11.3.5","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"fuzzball","old_version":"1.4.0","new_version":"2.2.6","repository_url":"https://github.com/nol13/fuzzball.js"},{"name":"glob","old_version":"10.5.0","new_version":"13.0.6","repository_url":"https://github.com/isaacs/node-glob"},{"name":"grunt-contrib-compress","old_version":"1.6.0","new_version":"2.0.0","repository_url":"https://github.com/gruntjs/grunt-contrib-compress"},{"name":"helmet","old_version":"4.6.0","new_version":"8.2.0","repository_url":"https://github.com/helmetjs/helmet"},{"name":"html-entities","old_version":"1.4.0","new_version":"2.6.0","repository_url":"https://github.com/mdevils/html-entities"},{"name":"js-yaml","old_version":"3.14.2","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jsonwebtoken","old_version":"0.4.0","new_version":"9.0.3","repository_url":"https://github.com/auth0/node-jsonwebtoken"},{"name":"multer","old_version":"1.4.5-lts.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"otplib","old_version":"12.0.1","new_version":"13.4.1","repository_url":"https://github.com/yeojz/otplib"},{"name":"prom-client","old_version":"14.2.0","new_version":"15.1.3","repository_url":"https://github.com/siimon/prom-client"},{"name":"sanitize-html","old_version":"1.4.2","new_version":"2.17.4","repository_url":"https://github.com/apostrophecms/apostrophe"},{"name":"socket.io","old_version":"3.1.2","new_version":"4.8.3","repository_url":"https://github.com/socketio/socket.io"},{"name":"sqlite3","old_version":"5.1.7","new_version":"6.0.1","repository_url":"https://github.com/TryGhost/node-sqlite3"},{"name":"ts-node-dev","old_version":"1.1.8","new_version":"2.0.0","repository_url":"https://github.com/whitecolor/ts-node-dev"},{"name":"@types/chai","old_version":"4.3.20","new_version":"5.2.3","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/config","old_version":"3.3.5","new_version":"4.4.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/diff","old_version":"7.0.2","new_version":"8.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/express","old_version":"4.17.25","new_version":"5.0.6","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/express-jwt","old_version":"6.0.4","new_version":"7.4.4","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/fs-extra","old_version":"9.0.13","new_version":"11.0.4","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/glob","old_version":"7.2.0","new_version":"9.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/jest","old_version":"26.0.24","new_version":"30.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/js-yaml","old_version":"3.12.10","new_version":"4.0.9","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/jsonwebtoken","old_version":"8.5.9","new_version":"9.0.10","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/mocha","old_version":"8.2.3","new_version":"10.0.10","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/multer","old_version":"1.4.13","new_version":"2.1.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/node","old_version":"20.19.42","new_version":"25.9.2","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sanitize-html","old_version":"1.27.2","new_version":"2.16.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sequelize","old_version":"4.28.20","new_version":"6.12.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sinon","old_version":"10.0.20","new_version":"21.0.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/sinon-chai","old_version":"3.2.12","new_version":"4.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/socket.io","old_version":"2.1.13","new_version":"3.0.2","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/socket.io-client","old_version":"1.4.36","new_version":"3.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@typescript-eslint/eslint-plugin","old_version":"6.18.1","new_version":"8.60.1","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"@typescript-eslint/parser","old_version":"6.18.1","new_version":"8.60.1","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"chai","old_version":"4.5.0","new_version":"6.2.2","repository_url":"https://github.com/chaijs/chai"},{"name":"concurrently","old_version":"5.3.0","new_version":"10.0.3","repository_url":"https://github.com/open-cli-tools/concurrently"},{"name":"cypress","old_version":"13.17.0","new_version":"15.16.0","repository_url":"https://github.com/cypress-io/cypress"},{"name":"eslint","old_version":"8.57.1","new_version":"10.4.1","repository_url":"https://github.com/eslint/eslint"},{"name":"eslint-plugin-promise","old_version":"6.6.0","new_version":"7.3.0","repository_url":"https://github.com/eslint-community/eslint-plugin-promise"},{"name":"jest","old_version":"29.7.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"mocha","old_version":"8.4.0","new_version":"11.7.6","repository_url":"https://github.com/mochajs/mocha"},{"name":"nyc","old_version":"15.1.0","new_version":"18.0.0","repository_url":"https://github.com/istanbuljs/nyc"},{"name":"sinon","old_version":"11.1.2","new_version":"22.0.0","repository_url":"https://github.com/sinonjs/sinon"},{"name":"sinon-chai","old_version":"3.7.0","new_version":"4.0.1","repository_url":"https://github.com/chaijs/sinon-chai"},{"name":"socket.io-client","old_version":"3.1.3","new_version":"4.8.3","repository_url":"https://github.com/socketio/socket.io"},{"name":"typescript","old_version":"5.3.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the major group with 56 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [body-parser](https://github.com/expressjs/body-parser) | `1.20.5` | `2.2.2` |\n| [check-dependencies](https://github.com/mgol/check-dependencies) | `1.1.1` | `2.0.0` |\n| [config](https://github.com/node-config/node-config) | `3.3.12` | `4.4.1` |\n| [express](https://github.com/expressjs/express) | `4.22.2` | `5.2.1` |\n| [express-jwt](https://github.com/auth0/express-jwt) | `0.1.3` | `8.5.1` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `7.5.1` | `8.5.2` |\n| [express-robots-txt](https://github.com/modosc/express-robots-txt) | `0.5.0` | `1.0.0` |\n| [file-type](https://github.com/sindresorhus/file-type) | `16.5.4` | `22.0.1` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `9.1.0` | `11.3.5` |\n| [fuzzball](https://github.com/nol13/fuzzball.js) | `1.4.0` | `2.2.6` |\n| [glob](https://github.com/isaacs/node-glob) | `10.5.0` | `13.0.6` |\n| [grunt-contrib-compress](https://github.com/gruntjs/grunt-contrib-compress) | `1.6.0` | `2.0.0` |\n| [helmet](https://github.com/helmetjs/helmet) | `4.6.0` | `8.2.0` |\n| [html-entities](https://github.com/mdevils/html-entities) | `1.4.0` | `2.6.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.2` | `4.2.0` |\n| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `0.4.0` | `9.0.3` |\n| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.2` | `2.1.1` |\n| [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib) | `12.0.1` | `13.4.1` |\n| [prom-client](https://github.com/siimon/prom-client) | `14.2.0` | `15.1.3` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `1.4.2` | `2.17.4` |\n| [socket.io](https://github.com/socketio/socket.io) | `3.1.2` | `4.8.3` |\n| [sqlite3](https://github.com/TryGhost/node-sqlite3) | `5.1.7` | `6.0.1` |\n| [ts-node-dev](https://github.com/whitecolor/ts-node-dev) | `1.1.8` | `2.0.0` |\n| [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai) | `4.3.20` | `5.2.3` |\n| [@types/config](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/config) | `3.3.5` | `4.4.0` |\n| [@types/diff](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/diff) | `7.0.2` | `8.0.0` |\n| [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `4.17.25` | `5.0.6` |\n| [@types/express-jwt](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express-jwt) | `6.0.4` | `7.4.4` |\n| [@types/fs-extra](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/fs-extra) | `9.0.13` | `11.0.4` |\n| [@types/glob](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/glob) | `7.2.0` | `9.0.0` |\n| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `26.0.24` | `30.0.0` |\n| [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) | `3.12.10` | `4.0.9` |\n| [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) | `8.5.9` | `9.0.10` |\n| [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) | `8.2.3` | `10.0.10` |\n| [@types/multer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/multer) | `1.4.13` | `2.1.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.42` | `25.9.2` |\n| [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html) | `1.27.2` | `2.16.1` |\n| [@types/sequelize](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sequelize) | `4.28.20` | `6.12.0` |\n| [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) | `10.0.20` | `21.0.1` |\n| [@types/sinon-chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon-chai) | `3.2.12` | `4.0.0` |\n| [@types/socket.io](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/socket.io) | `2.1.13` | `3.0.2` |\n| [@types/socket.io-client](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/socket.io-client) | `1.4.36` | `3.0.0` |\n| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `6.18.1` | `8.60.1` |\n| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.18.1` | `8.60.1` |\n| [chai](https://github.com/chaijs/chai) | `4.5.0` | `6.2.2` |\n| [concurrently](https://github.com/open-cli-tools/concurrently) | `5.3.0` | `10.0.3` |\n| [cypress](https://github.com/cypress-io/cypress) | `13.17.0` | `15.16.0` |\n| [eslint](https://github.com/eslint/eslint) | `8.57.1` | `10.4.1` |\n| [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) | `6.6.0` | `7.3.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.7.0` | `30.4.2` |\n| [mocha](https://github.com/mochajs/mocha) | `8.4.0` | `11.7.6` |\n| [nyc](https://github.com/istanbuljs/nyc) | `15.1.0` | `18.0.0` |\n| [sinon](https://github.com/sinonjs/sinon) | `11.1.2` | `22.0.0` |\n| [sinon-chai](https://github.com/chaijs/sinon-chai) | `3.7.0` | `4.0.1` |\n| [socket.io-client](https://github.com/socketio/socket.io) | `3.1.3` | `4.8.3` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.3.3` | `6.0.3` |\n\nUpdates `body-parser` from 1.20.5 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README links by \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: release notes for the v1.20.4 release by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/674\"\u003eexpressjs/body-parser#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update URL-encoded parser description to include ISO-8859-1 encoding support by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/679\"\u003eexpressjs/body-parser#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use standard jsdoc tags everywhere by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/677\"\u003eexpressjs/body-parser#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/689\"\u003eexpressjs/body-parser#689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/693\"\u003eexpressjs/body-parser#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.2.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/691\"\u003eexpressjs/body-parser#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\"\u003ehttps://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.1\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-13466\"\u003eCVE-2025-13466\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add dependabot by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/593\"\u003eexpressjs/body-parser#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use full SHAs for github action versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/594\"\u003eexpressjs/body-parser#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: type-is@^2.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/599\"\u003eexpressjs/body-parser#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/609\"\u003eexpressjs/body-parser#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/610\"\u003eexpressjs/body-parser#610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/611\"\u003eexpressjs/body-parser#611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/613\"\u003eexpressjs/body-parser#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/612\"\u003eexpressjs/body-parser#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add codeql github workflows scanning by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/614\"\u003eexpressjs/body-parser#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update CodeQL config to ignore the test directory by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/615\"\u003eexpressjs/body-parser#615\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/620\"\u003eexpressjs/body-parser#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/619\"\u003eexpressjs/body-parser#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): unpin devDependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/616\"\u003eexpressjs/body-parser#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/621\"\u003eexpressjs/body-parser#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/623\"\u003eexpressjs/body-parser#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/624\"\u003eexpressjs/body-parser#624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/617\"\u003eexpressjs/body-parser#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/625\"\u003eexpressjs/body-parser#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/630\"\u003eexpressjs/body-parser#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: move common request validation to read function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/600\"\u003eexpressjs/body-parser#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump iconv-lite by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/631\"\u003eexpressjs/body-parser#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: pull beta changelog forward into 2.0.0 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/629\"\u003eexpressjs/body-parser#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: optimize raw and text parsers with shared passthrough function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/634\"\u003eexpressjs/body-parser#634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/640\"\u003eexpressjs/body-parser#640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/639\"\u003eexpressjs/body-parser#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/636\"\u003eexpressjs/body-parser#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/637\"\u003eexpressjs/body-parser#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/638\"\u003eexpressjs/body-parser#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: raw-body@^3.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/641\"\u003eexpressjs/body-parser#641\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/master/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.2.2 / 2026-01-07\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@^6.14.1\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.1 / 2025-11-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.1\u003c/li\u003e\n\u003cli\u003eiconv-lite@^0.7.0\n\u003cul\u003e\n\u003cli\u003eHandle split surrogate pairs when encoding UTF-8\u003c/li\u003e\n\u003cli\u003eAvoid false positives in \u003ccode\u003eencodingExists\u003c/code\u003e by using prototype-less objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eraw-body@^3.0.1\u003c/li\u003e\n\u003cli\u003edebug@^4.4.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.0 / 2025-03-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: normalize common options for all parsers\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003eiconv-lite@^0.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.1.0 / 2025-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.0\u003c/li\u003e\n\u003cli\u003edebug@^4.4.0\u003c/li\u003e\n\u003cli\u003eRemoved destroy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003erefactor: prefix built-in node module imports\u003c/li\u003e\n\u003cli\u003euse the node require cache instead of custom caching\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.0.2 / 2024-10-31\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eremove \u003ccode\u003eunpipe\u003c/code\u003e package and use native \u003ccode\u003eunpipe()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.0.1 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore expected behavior \u003ccode\u003eextended\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.0.0 / 2024-09-10\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode.js 18 is the minimum supported version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/3d248660b2e8b66732b232d7c758517fbf2420a6\"\u003e\u003ccode\u003e3d24866\u003c/code\u003e\u003c/a\u003e 2.2.2 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/8474a984c3ba36a1b4328ce019833b99caa0f08f\"\u003e\u003ccode\u003e8474a98\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/03f17c2538552a57e6be537afca8c7587bd40aaa\"\u003e\u003ccode\u003e03f17c2\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/689\"\u003e#689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ea1f25e503c1b2f7ba6f8562724ae0fcd247fb75\"\u003e\u003ccode\u003eea1f25e\u003c/code\u003e\u003c/a\u003e docs: use standard jsdoc tags everywhere (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d7deef8ec61307fa28c22bc443cf8ed2f267945a\"\u003e\u003ccode\u003ed7deef8\u003c/code\u003e\u003c/a\u003e docs: update URL-encoded parser description to include ISO-8859-1 encoding su...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b6f52aabc65137c5227c8a462bddb761daeb96e7\"\u003e\u003ccode\u003eb6f52aa\u003c/code\u003e\u003c/a\u003e docs: release notes for the v1.20.4 release (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2965ca4af4883109cb2f651f4ce12da310902a0c\"\u003e\u003ccode\u003e2965ca4\u003c/code\u003e\u003c/a\u003e docs: update links (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb\"\u003e\u003ccode\u003ed96b63d\u003c/code\u003e\u003c/a\u003e 2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63\"\u003e\u003ccode\u003eb204886\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2025-13466\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251\"\u003e\u003ccode\u003ee20e351\u003c/code\u003e\u003c/a\u003e feat: remove \u003ccode\u003ehistory.md\u003c/code\u003e from being packaged on publish (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/660\"\u003e#660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.5...v2.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `check-dependencies` from 1.1.1 to 2.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mgol/check-dependencies/releases\"\u003echeck-dependencies's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003cp\u003eNotable non-breaking changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esupport npm package aliases (\u003ca href=\"https://redirect.github.com/mgol/check-dependencies/issues/50\"\u003e#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereduced a number of external dependencies\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003enpm prune\u003c/code\u003e is no longer called as\u003ccode\u003enpm install\u003c/code\u003e already prunes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBreaking changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edropped the callback interface - use promises instead\u003c/li\u003e\n\u003cli\u003edropped the \u003ccode\u003echeckCustomPackageNames\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003eCLI argument parsing is more strict now; camelCase parameter versions like \u003ccode\u003e--packageDir\u003c/code\u003e are no longer supported; use their kebab-case versions like \u003ccode\u003e--package-dir\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003edropped Bower support\u003c/li\u003e\n\u003cli\u003edropped support for Node.js \u003ccode\u003e\u0026lt;18.3\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/03c88471d9b99857bcc78171fc5dd89a4a402a16\"\u003e\u003ccode\u003e03c8847\u003c/code\u003e\u003c/a\u003e Tag 2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/65d9ef555c2e986b849e7abeac0474bfee663b0e\"\u003e\u003ccode\u003e65d9ef5\u003c/code\u003e\u003c/a\u003e Set Node.js requirement in package.json engines to \u0026gt;=18.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/4917ab0b9362530a95cc2bef028c2a6dcedf2ab7\"\u003e\u003ccode\u003e4917ab0\u003c/code\u003e\u003c/a\u003e Simplify the spawn logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/fc04cc87fe4284c083702e36a9a4055034d9fcc9\"\u003e\u003ccode\u003efc04cc8\u003c/code\u003e\u003c/a\u003e Drop support for the callback interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/28257dd04168aab66793fd0fe8ed0f46d52abec9\"\u003e\u003ccode\u003e28257dd\u003c/code\u003e\u003c/a\u003e Tweak ESLint settings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/dc16e8ac809502cf7509ef2de7429895b806535e\"\u003e\u003ccode\u003edc16e8a\u003c/code\u003e\u003c/a\u003e Drop the bluebird devDependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/412337ae3691296cbe7c2d69f0c51201894afc07\"\u003e\u003ccode\u003e412337a\u003c/code\u003e\u003c/a\u003e Drop fs-extra \u0026amp; graceful-fs devDependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/091279a22472c299cbdba0ab6e3e8a2dfbba11b5\"\u003e\u003ccode\u003e091279a\u003c/code\u003e\u003c/a\u003e Drop the findup-sync dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/10ac9c5b2ed92cdad11ce0f390551072e7509f18\"\u003e\u003ccode\u003e10ac9c5\u003c/code\u003e\u003c/a\u003e Drop lodash.camelcase \u0026amp; minimist dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mgol/check-dependencies/commit/35dce52450b99241942c24d18a572c55fecc44d9\"\u003e\u003ccode\u003e35dce52\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mgol/check-dependencies/compare/1.1.1...2.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `config` from 3.3.12 to 4.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-config/node-config/releases\"\u003econfig's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes for some method signature declarations\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.4.0...v4.4.1\"\u003ehttps://github.com/node-config/node-config/compare/v4.4.0...v4.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTypescript types added to project by \u003ca href=\"https://github.com/mdkitzman\"\u003e\u003ccode\u003e@​mdkitzman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewithModuleDefaults()\u003c/code\u003e function added to support separate module defaults for multiple versions\u003c/li\u003e\n\u003cli\u003eRework raw.js to function like the new defer mechanism.\u003c/li\u003e\n\u003cli\u003e./raw.js is also now deprecated, and will be removed in 5.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mdkitzman\"\u003e\u003ccode\u003e@​mdkitzman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/877\"\u003enode-config/node-config#877\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.3.0...v4.4.0\"\u003ehttps://github.com/node-config/node-config/compare/v4.3.0...v4.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003enew callback mechanism for handling deferred and async configuration evaluation\u003c/li\u003e\n\u003cli\u003e./async.js and ./defer.js are now deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Async and Deferred mechanism\u003c/h3\u003e\n\u003cp\u003eInstead of using async.js and defer.js, your executable config files can return a synchronous or asynchronous function. Note that if you use async deferred functions through the new mechanism, \u003cstrong\u003eyou need to call Util.resolveAsyncConfig()\u003c/strong\u003e instead of the old version.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eUtil.resolveAsyncConfig()\u003c/code\u003e also fixes an issue where using defer in an array did not function properly \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/876\"\u003e#876\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe old implementations have been marked as deprecated and will issue warnings to console.error to indicate use of the old pathways. The old functions are incompatible with ESM loading conventions and will be removed at the beginning of the 5.0 cycle to facilitate conversion of the library to ESM.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.2.1...v4.3.0\"\u003ehttps://github.com/node-config/node-config/compare/v4.2.1...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore config.util.getEnv() by \u003ca href=\"https://github.com/jdmarshall\"\u003e\u003ccode\u003e@​jdmarshall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/874\"\u003enode-config/node-config#874\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-config/node-config/compare/v4.2.0...v4.2.1\"\u003ehttps://github.com/node-config/node-config/compare/v4.2.0...v4.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDelete deprecated functions in Config.util, and associated tests. by \u003ca href=\"https://github.com/jdmarshall\"\u003e\u003ccode\u003e@​jdmarshall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/845\"\u003enode-config/node-config#845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDefault to yaml over js-yaml by \u003ca href=\"https://github.com/jdmarshall\"\u003e\u003ccode\u003e@​jdmarshall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-config/node-config/pull/859\"\u003enode-config/node-config#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAll deprecated functions in config.util have been removed. Please use lib/util for similar functionality\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/878648c638abb25dcfa9673defff3068802fa383\"\u003e\u003ccode\u003e878648c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/892\"\u003e#892\u003c/a\u003e from jdmarshall/typefixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/506149bfce3b4101e2d323433d8da57a51cc7f33\"\u003e\u003ccode\u003e506149b\u003c/code\u003e\u003c/a\u003e Fix some type declarations, including those for \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/890\"\u003e#890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/228c4ad3c62769dbb0ea336d25c182c8fb547195\"\u003e\u003ccode\u003e228c4ad\u003c/code\u003e\u003c/a\u003e 4.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/407f80c51d8532bb00cb01fa12c7d662645af27d\"\u003e\u003ccode\u003e407f80c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/888\"\u003e#888\u003c/a\u003e from jdmarshall/getRegression\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/d71db3c92f0d8d1c20ca6f6574f0c30d1e05c819\"\u003e\u003ccode\u003ed71db3c\u003c/code\u003e\u003c/a\u003e Update baseline and add 4.3 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/10b0c8e6d60e4524b5a7c1c8636ed7a1c279325a\"\u003e\u003ccode\u003e10b0c8e\u003c/code\u003e\u003c/a\u003e Fix perf regression in Config.get()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/2d3e179877fc0c51ca180f17f3cde0919b5b1bf9\"\u003e\u003ccode\u003e2d3e179\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/887\"\u003e#887\u003c/a\u003e from jdmarshall/benchmarks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/a35a7cd400feebbaf6a67d51e16a76e16af699e7\"\u003e\u003ccode\u003ea35a7cd\u003c/code\u003e\u003c/a\u003e Matrix builds and separate benchmarks from ci run.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/1156350d94230466fa325103169e14618038d5ca\"\u003e\u003ccode\u003e1156350\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-config/node-config/issues/883\"\u003e#883\u003c/a\u003e from jdmarshall/readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-config/node-config/commit/f9d2818455b20404814c668c6472c37dd1b4e227\"\u003e\u003ccode\u003ef9d2818\u003c/code\u003e\u003c/a\u003e Fix badges and Release Notes link.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/node-config/node-config/compare/v3.3.12...v4.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jdmarshall\"\u003ejdmarshall\u003c/a\u003e, a new releaser for config since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.22.2 to 5.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003cbr /\u003e\nThe prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease: 5.2.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6933\"\u003eexpressjs/express#6933\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/expressjs/express/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6429\"\u003eexpressjs/express#6429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: simplify \u003ccode\u003eacceptsLanguages\u003c/code\u003e implementation using spread operator by \u003ca href=\"https://github.com/Ayoub-Mabrouk\"\u003e\u003ccode\u003e@​Ayoub-Mabrouk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6137\"\u003eexpressjs/express#6137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eincreased code coverage of utils.js file by \u003ca href=\"https://github.com/ashish3011\"\u003e\u003ccode\u003e@​ashish3011\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6386\"\u003eexpressjs/express#6386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: remove duplicate word by \u003ca href=\"https://github.com/dufucun\"\u003e\u003ccode\u003e@​dufucun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6456\"\u003eexpressjs/express#6456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6498\"\u003eexpressjs/express#6498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6497\"\u003eexpressjs/express#6497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6496\"\u003eexpressjs/express#6496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6504\"\u003eexpressjs/express#6504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update codeql config by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6488\"\u003eexpressjs/express#6488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6512\"\u003eexpressjs/express#6512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix typos in test by \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6535\"\u003eexpressjs/express#6535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: disable credential persistence for checkout actions by \u003ca href=\"https://github.com/mertssmnoglu\"\u003e\u003ccode\u003e@​mertssmnoglu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6522\"\u003eexpressjs/express#6522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: allow manual triggering of workflow by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6515\"\u003eexpressjs/express#6515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: add coverage for app.listen() variants by \u003ca href=\"https://github.com/kgarg1\"\u003e\u003ccode\u003e@​kgarg1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6476\"\u003eexpressjs/express#6476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: move documentation and charters to the discussions and .github … by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6427\"\u003eexpressjs/express#6427\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6549\"\u003eexpressjs/express#6549\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6548\"\u003eexpressjs/express#6548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: enforce explicit \u003ccode\u003eBuffer\u003c/code\u003e import and add lint rule by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6525\"\u003eexpressjs/express#6525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: use node protocol for querystring by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6520\"\u003eexpressjs/express#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix typo by \u003ca href=\"https://github.com/mountdisk\"\u003e\u003ccode\u003e@​mountdisk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6609\"\u003eexpressjs/express#6609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6618\"\u003eexpressjs/express#6618\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd deprecation warnings for redirect arguments undefined by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6405\"\u003eexpressjs/express#6405\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: run CI when the markdown changes by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6632\"\u003eexpressjs/express#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: fix CONTRIBUTING link by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6653\"\u003eexpressjs/express#6653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: update contributing guidelines and code of conduct links by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6601\"\u003eexpressjs/express#6601\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump morgan from 1.10.0 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6679\"\u003eexpressjs/express#6679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6678\"\u003eexpressjs/express#6678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elint: add --fix flag to automatic fix linting issue by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6644\"\u003eexpressjs/express#6644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: ignore yarn.lock file and update example by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6588\"\u003eexpressjs/express#6588\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elib: use req.socket over deprecated req.connection by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6705\"\u003eexpressjs/express#6705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: update express app example by \u003ca href=\"https://github.com/shivarm\"\u003e\u003ccode\u003e@​shivarm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6718\"\u003eexpressjs/express#6718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6675\"\u003eexpressjs/express#6675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove history.md from being packaged on publish by \u003ca href=\"https://github.com/sheplu\"\u003e\u003ccode\u003e@​sheplu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6780\"\u003eexpressjs/express#6780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/master/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.2.1 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRevert security fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.2.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003ebody-parser@^2.2.1\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eA deprecation warning was added when using \u003ccode\u003eres.redirect\u003c/code\u003e with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.1.0 / 2025-03-31\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eUint8Array\u003c/code\u003e in \u003ccode\u003eres.send()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for ETag option in \u003ccode\u003eres.sendFile()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for multiple links with the same rel in \u003ccode\u003eres.links()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd funding field to package.json\u003c/li\u003e\n\u003cli\u003eperf: use loop for acceptParams\u003c/li\u003e\n\u003cli\u003erefactor: prefix built-in node module imports\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003esetprototypeof\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003esafe-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003eutils-merge\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003emethods\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: remove \u003ccode\u003edepd\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003edebug@^4.4.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003ebody-parser@^2.2.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003erouter@^2.2.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003econtent-type@^1.0.5\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003efinalhandler@^2.1.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003eqs@^6.14.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003eserver-static@2.2.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: \u003ccode\u003etype-is@2.0.1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.0.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003ecookie\u003c/code\u003e semver lock to address \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.0.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eremove:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epath-is-absolute\u003c/code\u003e dependency - use \u003ccode\u003epath.isAbsolute\u003c/code\u003e instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ebreaking:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eres.status()\u003c/code\u003e accepts only integers, and input must be greater than 99 and less than 1000\n\u003cul\u003e\n\u003cli\u003ewill throw a \u003ccode\u003eRangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.\u003c/code\u003e for inputs outside this range\u003c/li\u003e\n\u003cli\u003ewill throw a \u003ccode\u003eTypeError: Invalid status code: ${code}. Status code must be an integer.\u003c/code\u003e for non integer inputs\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@1.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dbac741a49a5a64336b70c06e85c2e2706e36336\"\u003e\u003ccode\u003edbac741\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/697547cde621d8b0a47b4fff6e98b29337f8c980\"\u003e\u003ccode\u003e697547c\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;sec: security patch for CVE-2024-51999\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/4007ad103ba29f6426b2ec9eccfb1ceb792682a8\"\u003e\u003ccode\u003e4007ad1\u003c/code\u003e\u003c/a\u003e Release: 5.2.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255\"\u003e\u003ccode\u003e2f64f68\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/ed0ba3f1dc905d6b62eabf23bd383abcae4901ba\"\u003e\u003ccode\u003eed0ba3f\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6928\"\u003e#6928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8eace4603cb2547608578a4fbb259dc984216f71\"\u003e\u003ccode\u003e8eace46\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6929\"\u003e#6929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/30bae810279b2ea162bed5b14ce6c35a110a87f5\"\u003e\u003ccode\u003e30bae81\u003c/code\u003e\u003c/a\u003e build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6930\"\u003e#6930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/758d4355d45322b4c8cd347ebcefbf3b154c7e7f\"\u003e\u003ccode\u003e758d435\u003c/code\u003e\u003c/a\u003e deps: body-parser@^2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6922\"\u003e#6922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/77bcd5274a87047e5b3fe2f17f6c342db3909c53\"\u003e\u003ccode\u003e77bcd52\u003c/code\u003e\u003c/a\u003e docs: update emeritus triagers (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6890\"\u003e#6890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/f33caf1f89a028f0ea98ff5a156a68e65a2eabdd\"\u003e\u003ccode\u003ef33caf1\u003c/code\u003e\u003c/a\u003e Nominate to \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e for triage team (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6888\"\u003e#6888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/v4.22.2...v5.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express-jwt` from 0.1.3 to 8.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/express-jwt/blob/master/CHANGELOG.md\"\u003eexpress-jwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file starting from version \u003cstrong\u003ev4.0.0\u003c/strong\u003e.\nThis project adheres to \u003ca href=\"http://semver.org/\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.3.0 - 2023-01-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erequestProperty support for nested properties (\u003ca href=\"https://github.com/auth0/express-jwt/commit/bbd3606ce68da2602733d6e4ac32564570753ca1\"\u003ebbd3606ce68da2602733d6e4ac32564570753ca1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Typescript instructions in Readme.MD (\u003ca href=\"https://github.com/auth0/express-jwt/commit/3c1d5cf8a08a6afbcfc78640b8cdb26fac8002ca\"\u003e3c1d5cf8a08a6afbcfc78640b8cdb26fac8002ca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.2.1 - 2022-12-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd secret rotation example in readme. close \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/310\"\u003e#310\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/0000a44ed58aac97798007af19b0324f28acc436\"\u003e0000a44ed58aac97798007af19b0324f28acc436\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/310\"\u003e#310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate \u003ccode\u003e@​types/jsonwebtoken\u003c/code\u003e and fix deps in package-lock (\u003ca href=\"https://github.com/auth0/express-jwt/commit/2322a9b67a5b5c716f953a53a0bb4bbc696d0a11\"\u003e2322a9b67a5b5c716f953a53a0bb4bbc696d0a11\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.2.0 - 2022-12-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd an optional handler for expired tokens. closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/6048\"\u003e#6048\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/ca6c90ccbb4b61b91f417a5dfa56f0b931b81528\"\u003eca6c90ccbb4b61b91f417a5dfa56f0b931b81528\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/6048\"\u003e#6048\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.0 - 2022-12-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eupdate type to match jwks-rsa (\u003ca href=\"https://github.com/auth0/express-jwt/commit/bcad8af9cad82b3777cc38d1c05864a35f82bc53\"\u003ebcad8af9cad82b3777cc38d1c05864a35f82bc53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: export middleware options type. closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/308\"\u003e#308\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/25a30f0d50c02cc75ab17b09f3592e76e09f9666\"\u003e25a30f0d50c02cc75ab17b09f3592e76e09f9666\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/308\"\u003e#308\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.0 - 2022-12-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade jsonwebtoken to v9. \u003ca href=\"https://github.com/advisories/GHSA-27h2-hvpr-p74q\"\u003ehttps://github.com/advisories/GHSA-27h2-hvpr-p74q\u003c/a\u003e .\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.3 - 2022-05-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tsc build error for express-unless (\u003ca href=\"https://github.com/auth0/express-jwt/commit/e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198\"\u003ee1fe1d264bc5363e008d23fea9d8c5d2ac0d8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove esModuleInterop and fix assert import in tests (\u003ca href=\"https://github.com/auth0/express-jwt/commit/9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201\"\u003e9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.2 - 2022-05-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix instaceof comparison for UnauthorizedError. closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/292\"\u003e#292\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/6c87fe401ecba868feda1ffa530082c7c539321a\"\u003e6c87fe401ecba868feda1ffa530082c7c539321a\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/292\"\u003e#292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate changelog (\u003ca href=\"https://github.com/auth0/express-jwt/commit/b1344fa7f6f9dd3d27115a9107b3ef4323733895\"\u003eb1344fa7f6f9dd3d27115a9107b3ef4323733895\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.1 - 2022-05-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix readme and package-lock (\u003ca href=\"https://github.com/auth0/express-jwt/commit/7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1\"\u003e7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebuild(deps): required runtime types (\u003ca href=\"https://github.com/auth0/express-jwt/commit/f3f5af5c214241b4f92b91c49db8586ec20e4526\"\u003ef3f5af5c214241b4f92b91c49db8586ec20e4526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: fix tiny typo (\u003ca href=\"https://github.com/auth0/express-jwt/commit/07e771857489b6344a8dc457069d040a76e84230\"\u003e07e771857489b6344a8dc457069d040a76e84230\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.7.0 - 2022-05-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeprecate ExpressJwtRequest in favor of Request with optional auth, closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/284\"\u003e#284\u003c/a\u003e (\u003ca href=\"https://github.com/auth0/express-jwt/commit/de169def56f98f4237741aa6755d0c5e248bd561\"\u003ede169def56f98f4237741aa6755d0c5e248bd561\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/284\"\u003e#284\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.6.2 - 2022-05-02\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/0dfe63b9a702b0755ec60d171152747942210be6\"\u003e\u003ccode\u003e0dfe63b\u003c/code\u003e\u003c/a\u003e 8.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/105ef5ec66fa32aa5861a09d3290545253adcbbb\"\u003e\u003ccode\u003e105ef5e\u003c/code\u003e\u003c/a\u003e add readme to package.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/c028e7098ea3dbdd4684f6e4960564e38fccdb96\"\u003e\u003ccode\u003ec028e70\u003c/code\u003e\u003c/a\u003e 8.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/75203815ab759f65aa114f4eb01faa58bc0e1e0c\"\u003e\u003ccode\u003e7520381\u003c/code\u003e\u003c/a\u003e fix: signature of middleware returned\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/ecd42788a7a24641ec78c8b21767c5f8aca5600a\"\u003e\u003ccode\u003eecd4278\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/f42a0e99422fe85fadd0a209b8497b64995e94cf\"\u003e\u003ccode\u003ef42a0e9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/auth0/express-jwt/issues/339\"\u003e#339\u003c/a\u003e from auth0/integrate-semgrep\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/dacb316f8d485a9c335434f2812561ca9c282ecb\"\u003e\u003ccode\u003edacb316\u003c/code\u003e\u003c/a\u003e Create semgrep.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/00763facd650da5aa378ed876f4a1e863957642b\"\u003e\u003ccode\u003e00763fa\u003c/code\u003e\u003c/a\u003e Modify tests to actually exercise wrong signature case by removing base64 pad...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/d15b92c3424ecb1713df106f615c2a770ddbc0b8\"\u003e\u003ccode\u003ed15b92c\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/express-jwt/commit/d1e88c73ed81b67d8f43eb748f8f33aa5c5b4aaf\"\u003e\u003ccode\u003ed1e88c7\u003c/code\u003e\u003c/a\u003e Merge branch 'glensc-patch-1'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/auth0/express-jwt/compare/v0.1.3...v8.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express-rate-limit` from 7.5.1 to 8.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/releases\"\u003eexpress-rate-limit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.5.2\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.5.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.5.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.2\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.2.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.2.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.1.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/97746932253e6c734569140e71357b2633eb1912\"\u003e\u003ccode\u003e9774693\u003c/code\u003e\u003c/a\u003e 8.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/0e94cc0176ca0e4960bd6992f1d105766fb9532c\"\u003e\u003ccode\u003e0e94cc0\u003c/code\u003e\u003c/a\u003e v8.5.2 changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/9a583c566aa5aaeb8b94312e9e9dbf711f89e7b3\"\u003e\u003ccode\u003e9a583c5\u003c/code\u003e\u003c/a\u003e feat: simplify IPv6 key generation (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/633\"\u003e#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/4f4b3fb78f96ac841a26122be1d82123271d7654\"\u003e\u003ccode\u003e4f4b3fb\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/632\"\u003e#632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/3c1d6c57bddc0d7c9923611fd1ac1e17399a4865\"\u003e\u003ccode\u003e3c1d6c5\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development-dependencies group with 7 updates (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/631\"\u003e#631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/18884b671441b14dd0e9328a5ebedf51278a16c1\"\u003e\u003ccode\u003e18884b6\u003c/code\u003e\u003c/a\u003e chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/630\"\u003e#630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/dacc9800e640b14c61cd8791ef59d75d0ac037a7\"\u003e\u003ccode\u003edacc980\u003c/code\u003e\u003c/a\u003e chore(deps): bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/629\"\u003e#629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/486d0c608a95f344863302bb213fb09ea9ddf5de\"\u003e\u003ccode\u003e486d0c6\u003c/code\u003e\u003c/a\u003e chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/627\"\u003e#627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/50cc3f6345f603ac2fe4eb646edd7338b9a31fbb\"\u003e\u003ccode\u003e50cc3f6\u003c/code\u003e\u003c/a\u003e 8.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/92c8e3efd87b9b9f89092b1f9c8c17ac134c1293\"\u003e\u003ccode\u003e92c8e3e\u003c/code\u003e\u003c/a\u003e chore: bump ip-address library to latest (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/626\"\u003e#626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v7.5.1...v8.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express-robots-txt` from 0.5.0 to 1.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modosc/express-robots-txt/blob/main/HISTORY.md\"\u003eexpress-robots-txt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v1.0.0] - {2021-08-20}\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRewrite as es6, add separate commonjs + esm exports\u003c/li\u003e\n\u003cli\u003eUpdate deps\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/2791589d8c96fc4d2190cc217d262d70cc569a93\"\u003e\u003ccode\u003e2791589\u003c/code\u003e\u003c/a\u003e es6 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/55\"\u003e#55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/0eb20919053c95e94b5d439a9fd48a98147d35bd\"\u003e\u003ccode\u003e0eb2091\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/940a03c2ebc9b8b8798df855ac92535e4240b060\"\u003e\u003ccode\u003e940a03c\u003c/code\u003e\u003c/a\u003e Bump supertest from 6.1.3 to 6.1.5 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/52\"\u003e#52\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/6c933f1f9936c1470b0ad405310b5979294ccdff\"\u003e\u003ccode\u003e6c933f1\u003c/code\u003e\u003c/a\u003e Bump jest from 27.0.4 to 27.0.6 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/50\"\u003e#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/308c9057a4baf7365d515cae1920f57653229711\"\u003e\u003ccode\u003e308c905\u003c/code\u003e\u003c/a\u003e Bump path-parse from 1.0.6 to 1.0.7 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/53\"\u003e#53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/0bdaaa00b7781540b145fe18abdca11c7a924aee\"\u003e\u003ccode\u003e0bdaaa0\u003c/code\u003e\u003c/a\u003e Bump jest from 26.6.3 to 27.0.4 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/48\"\u003e#48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/974a926e5dfbfcca2d99742032e4750ca478c22d\"\u003e\u003ccode\u003e974a926\u003c/code\u003e\u003c/a\u003e Bump ws from 7.4.3 to 7.4.6 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/46\"\u003e#46\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/c12444cfcf67cde0d249495d11bbc9b4a7e3f686\"\u003e\u003ccode\u003ec12444c\u003c/code\u003e\u003c/a\u003e Bump hosted-git-info from 2.8.8 to 2.8.9 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/43\"\u003e#43\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/72f7ca8ab5f45592e9d9a49df94e73e03814c793\"\u003e\u003ccode\u003e72f7ca8\u003c/code\u003e\u003c/a\u003e Bump lodash from 4.17.20 to 4.17.21 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modosc/express-robots-txt/commit/6c35250df606de1bd355cd93850514cea82bb037\"\u003e\u003ccode\u003e6c35250\u003c/code\u003e\u003c/a\u003e Bump chai from 4.3.3 to 4.3.4 (\u003ca href=\"https://redirect.github.com/modosc/express-robots-txt/issues/42\"\u003e#42\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modosc/express-robots-txt/compare/v0.5.0...v1.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 16.5.4 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fs-extra` from 9.1.0 to 11.3.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md\"\u003efs-extra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e11.3.5 / 2026-05-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eensureLink*\u003c/code\u003e/\u003ccode\u003eensureSymlink*\u003c/code\u003e identical file detection on Windows (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1068\"\u003e#1068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix error handling in timestamp preservation code (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1065\"\u003e#1065\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential file descriptor leak on error in synchronous timestamp preservation code (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1066\"\u003e#1066\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.4 / 2026-03-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where calling \u003ccode\u003eensureSymlink\u003c/code\u003e/\u003ccode\u003eensureSymlinkSync\u003c/code\u003e with a relative \u003ccode\u003esrcPath\u003c/code\u003e would fail if the symlink already existed (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1038\"\u003e#1038\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1064\"\u003e#1064\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.3 / 2025-12-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix copying symlink when destination is a symlink to the same target (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1019\"\u003e#1019\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1060\"\u003e#1060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.2 / 2025-09-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix spurrious \u003ccode\u003eUnhandledPromiseRejectionWarning\u003c/code\u003e that could occur when calling \u003ccode\u003e.copy()\u003c/code\u003e in some cases (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1056\"\u003e#1056\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.1 / 2025-08-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix case where \u003ccode\u003emove\u003c/code\u003e/\u003ccode\u003emoveSync\u003c/code\u003e could incorrectly think files are identical on Windows (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.3.0 / 2025-01-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd promise support for newer \u003ccode\u003efs\u003c/code\u003e methods (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1044\"\u003e#1044\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1045\"\u003e#1045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003efs.opendir\u003c/code\u003e in \u003ccode\u003ecopy()\u003c/code\u003e/\u003ccode\u003ecopySync()\u003c/code\u003e for better perf/scalability (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/972\"\u003e#972\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1028\"\u003e#1028\u003c/a\u003e)...\n\n_Description has been truncated_","html_url":"https://github.com/mo0om/juice-shop/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mo0om%2Fjuice-shop/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"}},{"old_version":"21.3.2","new_version":"22.0.1","update_type":"major","path":null,"pr_created_at":"2026-06-02T03:50:48.000Z","version_change":"21.3.2 → 22.0.1","issue":{"uuid":"4568253130","node_id":"PR_kwDOD_J6Kc7hn95e","number":1102,"state":"open","title":"chore(deps): Bump the client-prod-deps group across 1 directory with 9 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T03:50:48.000Z","updated_at":"2026-06-02T03:50:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"client-prod-deps","update_count":9,"packages":[{"name":"@sentry/vue","old_version":"10.38.0","new_version":"10.53.1","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@zip.js/zip.js","old_version":"2.8.8","new_version":"2.8.26","repository_url":"https://github.com/gildas-lormeau/zip.js"},{"name":"axios","old_version":"1.15.2","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.4.0","new_version":"3.4.5","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"file-type","old_version":"21.3.2","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"pdfjs-dist","old_version":"5.4.624","new_version":"5.7.284","repository_url":"https://github.com/mozilla/pdf.js"},{"name":"vue","old_version":"3.5.30","new_version":"3.5.34","repository_url":"https://github.com/vuejs/core"},{"name":"vue-i18n","old_version":"11.3.0","new_version":"11.4.4","repository_url":"https://github.com/intlify/vue-i18n"},{"name":"vue-router","old_version":"4.6.4","new_version":"5.0.7","repository_url":"https://github.com/vuejs/router"}],"path":null,"ecosystem":"npm"},"body":"Bumps the client-prod-deps group with 9 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@sentry/vue](https://github.com/getsentry/sentry-javascript) | `10.38.0` | `10.53.1` |\n| [@zip.js/zip.js](https://github.com/gildas-lormeau/zip.js) | `2.8.8` | `2.8.26` |\n| [axios](https://github.com/axios/axios) | `1.15.2` | `1.16.1` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.0` | `3.4.5` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.2` | `22.0.1` |\n| [pdfjs-dist](https://github.com/mozilla/pdf.js) | `5.4.624` | `5.7.284` |\n| [vue](https://github.com/vuejs/core) | `3.5.30` | `3.5.34` |\n| [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `11.3.0` | `11.4.4` |\n| [vue-router](https://github.com/vuejs/router) | `4.6.4` | `5.0.7` |\n\n\nUpdates `@sentry/vue` from 10.38.0 to 10.53.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/releases\"\u003e@​sentry/vue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eBundle size 📦\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePath\u003c/th\u003e\n\u003cth\u003eSize\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.22 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e24.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e43.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing + Span Streaming)\u003c/td\u003e\n\u003ctd\u003e45.62 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Profiling)\u003c/td\u003e\n\u003ctd\u003e48.56 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.4 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay) - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e72.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay with Canvas)\u003c/td\u003e\n\u003ctd\u003e86.99 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e99.33 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Feedback)\u003c/td\u003e\n\u003ctd\u003e43 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. sendFeedback)\u003c/td\u003e\n\u003ctd\u003e30.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. FeedbackAsync)\u003c/td\u003e\n\u003ctd\u003e35.91 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics)\u003c/td\u003e\n\u003ctd\u003e27.27 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Logs)\u003c/td\u003e\n\u003ctd\u003e27.42 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics \u0026amp; Logs)\u003c/td\u003e\n\u003ctd\u003e28.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e27.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.9 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e31.01 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/svelte\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.24 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle\u003c/td\u003e\n\u003ctd\u003e28.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e46.04 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e29.89 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e47.14 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e68.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e83.6 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e88.23 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e89.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle - uncompressed\u003c/td\u003e\n\u003ctd\u003e83.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing) - uncompressed\u003c/td\u003e\n\u003ctd\u003e138.12 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e88.07 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e141.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e209.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md\"\u003e@​sentry/vue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e10.53.0\u003c/h2\u003e\n\u003ch3\u003eImportant Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003efeat(core): Add \u003ccode\u003estreamGenAiSpans\u003c/code\u003e options to stream gen_ai spans (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20785\"\u003e#20785\u003c/a\u003e)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAdds a new \u003ccode\u003estreamGenAiSpans\u003c/code\u003e option that controls how \u003ccode\u003egen_ai\u003c/code\u003e spans are\nsent to Sentry. When set, the SDK extracts all \u003ccode\u003egen_ai\u003c/code\u003e spans out of a\ntransaction and sends them as v2 envelope items.\u003c/p\u003e\n\u003cp\u003eEnable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eSentry.init({\n  dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',\n  streamGenAiSpans: true,\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(browser): Migrate browser profiling thread data to span attributes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20800\"\u003e#20800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eaddConsoleInstrumentationFilter\u003c/code\u003e utility (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20790\"\u003e#20790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eapplicationKey\u003c/code\u003e to \u003ccode\u003eBuildTimeOptionsBase\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20789\"\u003e#20789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): split exports by browser/server for bundle size (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20435\"\u003e#20435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(nextjs): Add top-level \u003ccode\u003eapplicationKey\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20794\"\u003e#20794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(node): Support Node 26 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20710\"\u003e#20710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(profiling-node): Bump \u003ccode\u003e@sentry-internal/node-cpu-profiler\u003c/code\u003e to 2.4.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20720\"\u003e#20720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cloudflare): avoid flush lock self-wait (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20719\"\u003e#20719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(hono): Capture transaction name on request for correct culprit (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20699\"\u003e#20699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(node-core): Guard against undefined util.getSystemErrorMap (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20660\"\u003e#20660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(replay): Capture aborted/errored fetch requests in replay network tab (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20722\"\u003e#20722\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/cd9740818cba748dbced0e8a1497000a88ec8a56\"\u003e\u003ccode\u003ecd97408\u003c/code\u003e\u003c/a\u003e release: 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/66cfb25117ed7b14ca3da20a79b836619e9c8a6c\"\u003e\u003ccode\u003e66cfb25\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20838\"\u003e#20838\u003c/a\u003e from getsentry/prepare-release/10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/df8fd3863043f143961a5d96e79a717d62eada31\"\u003e\u003ccode\u003edf8fd38\u003c/code\u003e\u003c/a\u003e meta(changelog): Update changelog for 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/588100986580e0f5c8c3204661e59e5103e7d269\"\u003e\u003ccode\u003e5881009\u003c/code\u003e\u003c/a\u003e fix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/6a7d179ad38c7591021c88e4bd3ec82b3c6cc606\"\u003e\u003ccode\u003e6a7d179\u003c/code\u003e\u003c/a\u003e fix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/ad47c3c3de5b2bacfbbd08bcdf9cd90184ce64bc\"\u003e\u003ccode\u003ead47c3c\u003c/code\u003e\u003c/a\u003e ref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/28d6fe514d5ed00561a8e3d1c0406a8cb544c738\"\u003e\u003ccode\u003e28d6fe5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20826\"\u003e#20826\u003c/a\u003e from getsentry/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/46aca45a868d717939448ded1001fac4337ac46e\"\u003e\u003ccode\u003e46aca45\u003c/code\u003e\u003c/a\u003e Merge branch 'release/10.53.0'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/b5cbc9ca1800e1b4ee1de66e135a90891cecd570\"\u003e\u003ccode\u003eb5cbc9c\u003c/code\u003e\u003c/a\u003e chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/05489b83e7920fc4ce47a530054c5558c1704a45\"\u003e\u003ccode\u003e05489b8\u003c/code\u003e\u003c/a\u003e release: 10.53.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-javascript/compare/10.38.0...10.53.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@zip.js/zip.js` from 2.8.8 to 2.8.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gildas-lormeau/zip.js/releases\"\u003e\u003ccode\u003e@​zip.js/zip.js's releases\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix return types for entry progress callbacks by \u003ca href=\"https://github.com/EvanHahn\"\u003e\u003ccode\u003e@​EvanHahn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/pull/648\"\u003egildas-lormeau/zip.js#648\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gildas-lormeau/zip.js/compare/v2.8.25...v2.8.26\"\u003ehttps://github.com/gildas-lormeau/zip.js/compare/v2.8.25...v2.8.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixed \u003ccode\u003eHttpRangeReader\u003c/code\u003e bug when reading compressed sizes multiples of 65536 (see \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdated dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes, attempt to fix NPM publishing\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed zip64 auto-detection with \u003ccode\u003ekeepOrder\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e in \u003ccode\u003eZipWriter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eZip files containing entries larger than 4 GB or larger than 4 GB are now handled correctly when entries are written in parallel with \u003ccode\u003ekeepOrder\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e. The zip64 extra field in the central directory is now built from actual offset and disk number values at close time, rather than being predicted at entry creation time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.22\u003c/h2\u003e\n\u003cp\u003eFixed support of option \u003ccode\u003ekeepOrder\u003c/code\u003e when set to \u003ccode\u003efalse\u003c/code\u003e in \u003ccode\u003eZipWriter\u003c/code\u003e (the option is set to \u003ccode\u003etrue\u003c/code\u003e by default)\u003c/p\u003e\n\u003ch2\u003ev2.8.21\u003c/h2\u003e\n\u003cp\u003eImplemented workaround (feature test) for \u003ccode\u003eDOMException\u003c/code\u003e serialization bug in Deno version 2.6.x (fix \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/636\"\u003egildas-lormeau/zip.js#636\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev2.8.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed inadvertently removed \u003ca href=\"https://gildas-lormeau.github.io/zip.js/api/interfaces/ZipWriterConstructorOptions.html#createtempstream\"\u003ecreateTempStream\u003c/a\u003e option into \u003ccode\u003eZipWriter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ca href=\"https://gildas-lormeau.github.io/zip.js/api/interfaces/WorkerConfiguration.html#transferstreams\"\u003etransferStreams\u003c/a\u003e support in \u003ccode\u003eZipWriter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.19\u003c/h2\u003e\n\u003cp\u003eRemoved unwanted \u003ccode\u003eweb-worker\u003c/code\u003e dependency inadvertently added in the \u003ccode\u003epackage.json\u003c/code\u003e file of version \u003ccode\u003e2.8.17\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ca href=\"https://gildas-lormeau.github.io/zip.js/api/interfaces/ZipWriterConstructorOptions.html#createtempstream\"\u003e\u003ccode\u003ecreateTempStream\u003c/code\u003e\u003c/a\u003e option to \u003ccode\u003eZipWriter\u003c/code\u003e, used when adding entries in parallel, for custom temporary buffered write storage (e.g. filesystem, OPFS, network) instead of the default in-memory \u003ccode\u003eTransformStream\u003c/code\u003e (see this \u003ca href=\"https://github.com/gildas-lormeau/zip.js/blob/4cf50a673b73213ebf0d673333ef928738a06e79/tests/all/test-custom-temp-buffer.js\"\u003etest\u003c/a\u003e for a usage example)\u003c/li\u003e\n\u003cli\u003eImproved buffering implementation  in \u003ccode\u003eZipWriter\u003c/code\u003e by removing the \u003ccode\u003eBlob\u003c/code\u003e/\u003ccode\u003eResponse\u003c/code\u003e usage\u003c/li\u003e\n\u003cli\u003eFixed minor regression introduced in version \u003ccode\u003e2.8.16\u003c/code\u003e when the web worker URI is not a data or blob URI (workers were not working with code using ES6 \u003ccode\u003eimport\u003c/code\u003e) (see \u003ca href=\"https://github.com/gildas-lormeau/zip.js/blob/c6ab5788eadb09dbc23208b1e438b2eec4ffa531/tests/all/test-core.js\"\u003erelated test\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.17\u003c/h2\u003e\n\u003cp\u003eFixed support of Web Workers when running zip.js with Bun (see \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/638\"\u003e#638\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev2.8.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplemented lazy evaluation of the existence of the \u003ccode\u003eWorker\u003c/code\u003e API to facilitate the use of polyfills on Node.js (e.g. \u003ca href=\"https://www.npmjs.com/package/web-worker\"\u003e\u003ccode\u003eweb-worker\u003c/code\u003e\u003c/a\u003e), see \u003ca href=\"https://github.com/gildas-lormeau/zip.js/discussions/635#discussioncomment-15633490\"\u003ehttps://github.com/gildas-lormeau/zip.js/discussions/635#discussioncomment-15633490\u003c/a\u003e for more info\u003c/li\u003e\n\u003cli\u003eUpdated dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed NPM Access Token expiration issue (see \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/633\"\u003egildas-lormeau/zip.js#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed minor issues in the documentation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/3cf1e4c5bcf92f3e0393c391fb485a0fba6a92a1\"\u003e\u003ccode\u003e3cf1e4c\u003c/code\u003e\u003c/a\u003e bump up version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/7ad2d4259a3193ee169dffc2a8e2053b76794e20\"\u003e\u003ccode\u003e7ad2d42\u003c/code\u003e\u003c/a\u003e update doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/5484569bd1fe28423166efd99cd7ee7147ada8d8\"\u003e\u003ccode\u003e5484569\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/648\"\u003e#648\u003c/a\u003e from EvanHahn/fix-types-for-progress-callbacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/88ce65474df30eb8b32378a8990df3f38764408a\"\u003e\u003ccode\u003e88ce654\u003c/code\u003e\u003c/a\u003e bump up version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/93de55a7f3e3206bc411871f0905e495760ed39b\"\u003e\u003ccode\u003e93de55a\u003c/code\u003e\u003c/a\u003e update doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/5c4c70530bd9d879d516e190202125e09cc8106f\"\u003e\u003ccode\u003e5c4c705\u003c/code\u003e\u003c/a\u003e update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/ddd83971c0c5eb70692701756632137f80ee4958\"\u003e\u003ccode\u003eddd8397\u003c/code\u003e\u003c/a\u003e fix HttpRangeRedaer when reading compressed sizes multiples of 65536 (fix \u003ca href=\"https://redirect.github.com/gildas-lormeau/zip.js/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/860e29c363ea075f91bbaea8a0891ff80e0f724c\"\u003e\u003ccode\u003e860e29c\u003c/code\u003e\u003c/a\u003e Fix return types for entry progress callbacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/a21f85004cdfdaa69d7cf4e60dd4aac7b12a7040\"\u003e\u003ccode\u003ea21f850\u003c/code\u003e\u003c/a\u003e bump up version (fix npm issue?)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gildas-lormeau/zip.js/commit/0cc3a3c6310105930619187bef909436d972fa63\"\u003e\u003ccode\u003e0cc3a3c\u003c/code\u003e\u003c/a\u003e update doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gildas-lormeau/zip.js/compare/v2.8.8...v2.8.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ca href=\"https://github.com/zip\"\u003e\u003ccode\u003e@​zip\u003c/code\u003e\u003c/a\u003e.js/zip.js since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.15.2 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.15.2...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.4.0 to 3.4.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bypass caused by the new HTML element \u003ccode\u003eselectedcontent\u003c/code\u003e added in 3.4.4, thanks \u003ca href=\"https://github.com/KabirAcharya\"\u003e\u003ccode\u003e@​KabirAcharya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eselectedcontent\u003c/code\u003e element to default allow-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecommand\u003c/code\u003e and \u003ccode\u003ecommandfor\u003c/code\u003e attributes to default allowed-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better template scrubbing for \u003ccode\u003eIN_PLACE\u003c/code\u003e operations, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded stronger checks for cross-realm windows, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated demo website and made sure it uses the latest from main\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, dependabot, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🚨 \u003cstrong\u003eThis release had been flagged as deprecated, please use DOMPurify 3.4.5 instead\u003c/strong\u003e 🚨\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with handling of nested Shadow DOM trees, thanks \u003ca href=\"https://github.com/fishjojo1\"\u003e\u003ccode\u003e@​fishjojo1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the template regexes to be more robust against ReDoS attacks, thanks \u003ca href=\"https://github.com/aleung27\"\u003e\u003ccode\u003e@​aleung27\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the node iteration code to catch more Shadow DOM related issues\u003c/li\u003e\n\u003cli\u003eUpdated Playwright and added Node 26 to test matrix\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with URI validation on attributes allowed via \u003ccode\u003eADD_ATTR\u003c/code\u003e callback, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with source maps referring to non-existing files, thanks \u003ca href=\"https://github.com/cmdcolin\"\u003e\u003ccode\u003e@​cmdcolin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with on-handler stripping for HTML-spec-reserved custom element names (\u003ccode\u003efont-face\u003c/code\u003e, \u003ccode\u003ecolor-profile\u003c/code\u003e, \u003ccode\u003emissing-glyph\u003c/code\u003e, \u003ccode\u003efont-face-src\u003c/code\u003e, \u003ccode\u003efont-face-uri\u003c/code\u003e, \u003ccode\u003efont-face-format\u003c/code\u003e, \u003ccode\u003efont-face-name\u003c/code\u003e) under permissive \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed a case-sensitivity gap in the \u003ccode\u003eannotation-xml\u003c/code\u003e check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e repeatedly prefixing already-prefixed \u003ccode\u003eid\u003c/code\u003e and \u003ccode\u003ename\u003c/code\u003e values on subsequent sanitization\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eIN_PLACE\u003c/code\u003e root-node check to explicitly guard against non-string \u003ccode\u003enodeName\u003c/code\u003e (DOM-clobbering robustness)\u003c/li\u003e\n\u003cli\u003eRemoved a duplicate \u003ccode\u003eslot\u003c/code\u003e entry from the default HTML attribute allow-list\u003c/li\u003e\n\u003cli\u003eStrengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e, and a negative-control assertion ensuring the invariants actually fire\u003c/li\u003e\n\u003cli\u003eAdded regression and pinning tests covering the above fixes and two accepted-behavior contracts (\u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e greedy scrub, hook-added attribute handling)\u003c/li\u003e\n\u003cli\u003eExtended CodeQL analysis to run on \u003ccode\u003e3.x\u003c/code\u003e and \u003ccode\u003e2.x\u003c/code\u003e maintenance branches\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea\"\u003e\u003ccode\u003e011b0c7\u003c/code\u003e\u003c/a\u003e release: 3.4.5 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1382\"\u003e#1382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5817ad969c15e67dfcd6cb37248d6e9c1553e7c3\"\u003e\u003ccode\u003e5817ad9\u003c/code\u003e\u003c/a\u003e release: 3.4.4 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/520edb0371a9638f9b51f1798051299a250c686b\"\u003e\u003ccode\u003e520edb0\u003c/code\u003e\u003c/a\u003e release: 3.4.3 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1352\"\u003e#1352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6f67fd396a7b8c64294343999fe607ca1f5299c0\"\u003e\u003ccode\u003e6f67fd3\u003c/code\u003e\u003c/a\u003e Sync/3.4.2 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1322\"\u003e#1322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8\"\u003e\u003ccode\u003e5b0cdbb\u003c/code\u003e\u003c/a\u003e chore: merge main into 3.x for 3.4.1 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a\"\u003e\u003ccode\u003e09f5911\u003c/code\u003e\u003c/a\u003e test: added three more browsers to test setup (OSX, mobile)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.4.0...3.4.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.2 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pdfjs-dist` from 5.4.624 to 5.7.284\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/pdf.js/releases\"\u003epdfjs-dist's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.7.284\u003c/h2\u003e\n\u003cp\u003eThis release contains improvements for accessibility, annotations, the annotation editor, font conversion, image conversion, performance, shading pattern rendering, SMask rendering and the viewer.\u003c/p\u003e\n\u003ch2\u003eChanges since v5.6.205\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the stable version in \u003ccode\u003epdfjs.config\u003c/code\u003e by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21004\"\u003emozilla/pdf.js#21004\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Rewrite the ps lexer \u0026amp; parser and add a small Wasm compiler by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21002\"\u003emozilla/pdf.js#21002\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Node.js] Remove the \u003ccode\u003enode-readable-to-web-readable-stream\u003c/code\u003e polyfill by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21007\"\u003emozilla/pdf.js#21007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd attachments when merging/reorganizing a pdf (bug 2026956) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21013\"\u003emozilla/pdf.js#21013\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't use an intermediate canvas when rendering a tiling pattern bigger than the rectangle to fill by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/18815\"\u003emozilla/pdf.js#18815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid expressions duplication in the ps AST and use a local instead when compiling to WASM by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21008\"\u003emozilla/pdf.js#21008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for function-based shadings (bug 1254066) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21012\"\u003emozilla/pdf.js#21012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd an interpreter for optimized ps code by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21010\"\u003emozilla/pdf.js#21010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEncrypt pdf data when merging the same pdf (bug 2028369) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21022\"\u003emozilla/pdf.js#21022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003eMathClamp\u003c/code\u003e helper function more by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21026\"\u003emozilla/pdf.js#21026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003el10n: Update locale files by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21033\"\u003emozilla/pdf.js#21033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eOffscreenCanvas\u003c/code\u003e unconditionally in the \u003ccode\u003eweb/pdf_thumbnail_view.js\u003c/code\u003e file by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21021\"\u003emozilla/pdf.js#21021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix wrong values when sanitizing fonts by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21031\"\u003emozilla/pdf.js#21031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA couple of small \u003ccode\u003ecollectAnnotationsByType\u003c/code\u003e improvements by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21034\"\u003emozilla/pdf.js#21034\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove the \u003ccode\u003eMathClamp\u003c/code\u003e helper function to its own file by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21027\"\u003emozilla/pdf.js#21027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace all \u003ccode\u003eObject.prototype.hasOwnProperty\u003c/code\u003e usage with \u003ccode\u003eObject.hasOwn\u003c/code\u003e by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21029\"\u003emozilla/pdf.js#21029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Change \u003ccode\u003ePDFDataRangeTransport\u003c/code\u003e to use a single (internal)  listener by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21028\"\u003emozilla/pdf.js#21028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix radial gradient when the two circles have an intersection by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21014\"\u003emozilla/pdf.js#21014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a js fallback for interpreting ps code by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21023\"\u003emozilla/pdf.js#21023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGet the right transform for a pattern before filling some text by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21019\"\u003emozilla/pdf.js#21019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd an eslint plugin for using MathClamp when it's possible by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21030\"\u003emozilla/pdf.js#21030\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the annotation base transform before drawing it by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21020\"\u003emozilla/pdf.js#21020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the unused \u003ccode\u003ecompilePostScriptToIR\u003c/code\u003e function (PR 21023 follow-up) by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21037\"\u003emozilla/pdf.js#21037\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Remove \u003ccode\u003ePostScriptCompiler\u003c/code\u003e and \u003ccode\u003ePostScriptEvaluator\u003c/code\u003e, since it's now dead code (PR 21023 follow-up) by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21005\"\u003emozilla/pdf.js#21005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix comments for (is/has)Singlefile in pdf_editor by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21036\"\u003emozilla/pdf.js#21036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies to the most recent versions by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21035\"\u003emozilla/pdf.js#21035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003ecalculateMD5\u003c/code\u003e helper, from \u003ccode\u003etest/downloadutils.mjs\u003c/code\u003e, in \u003ccode\u003etest/add_test.mjs\u003c/code\u003e by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21038\"\u003emozilla/pdf.js#21038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce a function type enumeration by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21041\"\u003emozilla/pdf.js#21041\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the original array-data when parsing Type 0 (Sampled) Functions by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21040\"\u003emozilla/pdf.js#21040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix intermittent failure in the \u0026quot;must check that the comment sidebar is resizable with the keyboard\u0026quot; comment integration test by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21045\"\u003emozilla/pdf.js#21045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix intermittent integration test failures related to checking the find count results text by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21043\"\u003emozilla/pdf.js#21043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[api-minor] Update the minimum supported Node.js version to 22 by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21018\"\u003emozilla/pdf.js#21018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unnecessary \u0026quot;flooring\u0026quot; of the components when setting the Annotation \u003ccode\u003eborderColor\u003c/code\u003e by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21047\"\u003emozilla/pdf.js#21047\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace individual AI/ML disabling preferences with the single killswitch preference in the tests by \u003ca href=\"https://github.com/timvandermeij\"\u003e\u003ccode\u003e@​timvandermeij\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21046\"\u003emozilla/pdf.js#21046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShorten the \u003ccode\u003esrc/core/postscript/\u003c/code\u003e code a tiny bit by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21048\"\u003emozilla/pdf.js#21048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnconditionally create a gpu device by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21049\"\u003emozilla/pdf.js#21049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003estringToBytes\u003c/code\u003e helper in the \u003ccode\u003ePDFEditor.prototype.writePDF\u003c/code\u003e method by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21051\"\u003emozilla/pdf.js#21051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the l10n-id for the sidebar toggleButton, in the \u003ccode\u003eViewsManager\u003c/code\u003e class by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21055\"\u003emozilla/pdf.js#21055\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce allocations when compiling CFF fonts by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21053\"\u003emozilla/pdf.js#21053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the way to write numbers when saving a pdf by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21054\"\u003emozilla/pdf.js#21054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake sure the thumbnails positions are recomputed after a structural change but after a reflow has been done (bug 2028193) by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21059\"\u003emozilla/pdf.js#21059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 4.33.0 to 4.35.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21056\"\u003emozilla/pdf.js#21056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace a couple of loops with \u003ccode\u003eTypedArray.prototype.fill()\u003c/code\u003e in the \u003ccode\u003esrc/core/ascii_85_stream.js\u003c/code\u003e file by \u003ca href=\"https://github.com/Snuffleupagus\"\u003e\u003ccode\u003e@​Snuffleupagus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21050\"\u003emozilla/pdf.js#21050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/deploy-pages from 4.0.5 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21058\"\u003emozilla/pdf.js#21058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump codecov/codecov-action from 5.5.2 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21057\"\u003emozilla/pdf.js#21057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid as much as possible to have intermediate canvases by \u003ca href=\"https://github.com/calixteman\"\u003e\u003ccode\u003e@​calixteman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/pull/21061\"\u003emozilla/pdf.js#21061\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/7e5b36c2d572ba82e1e3adeb1c266f0052746c73\"\u003e\u003ccode\u003e7e5b36c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21171\"\u003e#21171\u003c/a\u003e from calixteman/bug2034980\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/dc3c07b3e371af20c87b991e6c7517e32c163f4b\"\u003e\u003ccode\u003edc3c07b\u003c/code\u003e\u003c/a\u003e Allow free-highlighting on top of image placeholders (bug 2034980)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/01b315a8f3d4576cd8639082e845195d9b148527\"\u003e\u003ccode\u003e01b315a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21176\"\u003e#21176\u003c/a\u003e from calixteman/bug2035197\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/c9a7ff05062f0a463d3a82d2590b1c6ad6125711\"\u003e\u003ccode\u003ec9a7ff0\u003c/code\u003e\u003c/a\u003e Fix merging PDFs with conflicting AcroForm /DR (bug 2035197)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/d9f175d36daa3e0ac26d5ab921899eaace917058\"\u003e\u003ccode\u003ed9f175d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21174\"\u003e#21174\u003c/a\u003e from nicolo-ribaudo/fix-comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/81678f20cab04e65c4a2f4a85d0a17a1397258ff\"\u003e\u003ccode\u003e81678f2\u003c/code\u003e\u003c/a\u003e Fix array type in CanvasBBoxTracker comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/8d3d370daac0cced39cb7370aaec9ab28ec9cbbd\"\u003e\u003ccode\u003e8d3d370\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21170\"\u003e#21170\u003c/a\u003e from calixteman/speedup_typetest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/da0b99ce68557eb2cec698e1bbe727323f441e59\"\u003e\u003ccode\u003eda0b99c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/20371\"\u003e#20371\u003c/a\u003e from timvandermeij/github-actions-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/3b8f55603d3ed60e6a13f35416662ee9cf5d4812\"\u003e\u003ccode\u003e3b8f556\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mozilla/pdf.js/issues/21154\"\u003e#21154\u003c/a\u003e from calixteman/bug2034804\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/pdf.js/commit/38beff5cef056c237cfdc255fe00aa7657bfd8c1\"\u003e\u003ccode\u003e38beff5\u003c/code\u003e\u003c/a\u003e Speed up 'gulp typestest' by removing the unused 'generic' dependency\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/pdf.js/compare/v5.4.624...v5.7.284\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vue` from 3.5.30 to 3.5.34\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vuejs/core/releases\"\u003evue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.5.34\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003ev3.5.33\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003ev3.5.32\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003ev3.5.31\u003c/h2\u003e\n\u003cp\u003eFor stable releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\nFor pre-releases, please refer to \u003ca href=\"https://github.com/vuejs/core/blob/minor/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e of the \u003ccode\u003eminor\u003c/code\u003e branch.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vuejs/core/blob/main/CHANGELOG.md\"\u003evue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vuejs/core/compare/v3.5.33...v3.5.34\"\u003e3.5.34\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e infer Vue ref wrapper types when source is unresolvable (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14758\"\u003e#14758\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/7f46fd411b4e3f75ca755ee1318ea8e9aff43f56\"\u003e7f46fd4\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14729\"\u003e#14729\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e preserve hash hrefs on \u003ccode\u003e\u0026lt;image\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14756\"\u003e#14756\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/090b2e3a5149ec951c5313b270e5400a1fc870ce\"\u003e090b2e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e resolve type re-exports inside declare global (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14766\"\u003e#14766\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/acfffe34e7724a84c21bb8e51e8a5bc0da35f350\"\u003eacfffe3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereactivity:\u003c/strong\u003e prevent orphan effect when created in a stopped scope (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14778\"\u003e#14778\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/c8e2d4adc9112d2529de0434acc1188dfc399bf4\"\u003ec8e2d4a\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14777\"\u003e#14777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eruntime-core:\u003c/strong\u003e avoid symbol coercion during props validation (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/8539\"\u003e#8539\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/23d4fb5a6a070df3d2d4a043f0f62c141e376095\"\u003e23d4fb5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/8487\"\u003e#8487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esuspense:\u003c/strong\u003e avoid DOM leak with out-in transition in v-if fragment (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14762\"\u003e#14762\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/9667e0d498ab39273614682986a666c3e73024d9\"\u003e9667e0d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14761\"\u003e#14761\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vuejs/core/compare/v3.5.32...v3.5.33\"\u003e3.5.33\u003c/a\u003e (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecompiler-sfc:\u003c/strong\u003e handle nested :deep in selector pseudos (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14725\"\u003e#14725\u003c/a\u003e) (\u003ca href=\"https://github.com/vuejs/core/commit/bb9d265d8dcdde2af824fc01b24f9a7b3169f5fa\"\u003ebb9d265\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vuejs/core/issues/14724\"\u003e#14724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereactivity:\u003c/strong\u003e unlink effect scopes on out-of-order off (\u003ca href=\"https://redirect.github.com/vuejs/core/issues/14734\"\u003e#14734\u003c/a\u003e)...\n\n_Description has been truncated_","html_url":"https://github.com/admariner/parsec-cloud/pull/1102","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/admariner%2Fparsec-cloud/issues/1102","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1102/packages"}},{"old_version":"21.3.0","new_version":"21.3.4","update_type":"patch","path":null,"pr_created_at":"2026-06-02T03:30:47.000Z","version_change":"21.3.0 → 21.3.4","issue":{"uuid":"4568155888","node_id":"PR_kwDOQRcFuc7hnpgd","number":75,"state":"open","title":"chore(deps)(deps): bump the production-dependencies group across 1 directory with 69 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T03:30:47.000Z","updated_at":"2026-06-02T03:32:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"production-dependencies","update_count":69,"packages":[{"name":"ajv","old_version":"8.18.0","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"cosmiconfig","old_version":"9.0.0","new_version":"9.0.1","repository_url":"https://github.com/cosmiconfig/cosmiconfig"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"@anthropic-ai/claude-code","old_version":"2.1.50","new_version":"2.1.160","repository_url":"https://github.com/anthropics/claude-code"},{"name":"@babel/code-frame","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/runtime","old_version":"7.28.6","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@borewit/text-codec","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/Borewit/text-codec"},{"name":"@google/genai","old_version":"1.42.0","new_version":"1.52.0","repository_url":"https://github.com/googleapis/js-genai"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@modelcontextprotocol/sdk","old_version":"1.26.0","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@protobufjs/codegen","old_version":"2.0.4","new_version":"2.0.5","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/eventemitter","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/fetch","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/inquire","old_version":"1.1.0","new_version":"1.1.2","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@supabase/supabase-js","old_version":"2.97.0","new_version":"2.106.2","repository_url":"https://github.com/supabase/supabase-js"},{"name":"fastmcp","old_version":"3.33.0","new_version":"3.35.0","repository_url":"https://github.com/punkpeye/fastmcp"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"b4a","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/holepunchto/b4a"},{"name":"bare-events","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/holepunchto/bare-events"},{"name":"bare-fs","old_version":"4.5.4","new_version":"4.7.1","repository_url":"https://github.com/holepunchto/bare-fs"},{"name":"bare-os","old_version":"3.6.2","new_version":"3.9.1","repository_url":"https://github.com/holepunchto/bare-os"},{"name":"bare-path","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/holepunchto/bare-path"},{"name":"bare-stream","old_version":"2.8.0","new_version":"2.13.1","repository_url":"https://github.com/holepunchto/bare-stream"},{"name":"bare-url","old_version":"2.3.2","new_version":"2.4.3","repository_url":"https://github.com/holepunchto/bare-url"},{"name":"es-object-atoms","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/ljharb/es-object-atoms"},{"name":"eventsource-parser","old_version":"3.0.6","new_version":"3.1.0","repository_url":"https://github.com/rexxars/eventsource-parser"},{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"figlet","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/patorjk/figlet.js"},{"name":"file-type","old_version":"21.3.0","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"fs-extra","old_version":"11.3.3","new_version":"11.3.5","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"fuse.js","old_version":"7.1.0","new_version":"7.4.1","repository_url":"https://github.com/krisk/Fuse"},{"name":"gaxios","old_version":"7.1.3","new_version":"7.1.4","repository_url":"https://github.com/googleapis/google-cloud-node-core"},{"name":"get-east-asian-width","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/sindresorhus/get-east-asian-width"},{"name":"google-auth-library","old_version":"10.5.0","new_version":"10.6.2","repository_url":"https://github.com/googleapis/google-cloud-node-core"},{"name":"hasown","old_version":"2.0.2","new_version":"2.0.4","repository_url":"https://github.com/inspect-js/hasOwn"},{"name":"hono","old_version":"4.12.1","new_version":"4.12.23","repository_url":"https://github.com/honojs/hono"},{"name":"jsonfile","old_version":"6.2.0","new_version":"6.2.1","repository_url":"https://github.com/jprichardson/node-jsonfile"},{"name":"koa","old_version":"3.1.1","new_version":"3.2.1","repository_url":"https://github.com/koajs/koa"},{"name":"mcp-proxy","old_version":"6.4.0","new_version":"6.5.1","repository_url":"https://github.com/punkpeye/mcp-proxy"},{"name":"nan","old_version":"2.25.0","new_version":"2.27.0","repository_url":"https://github.com/nodejs/nan"},{"name":"node-abi","old_version":"3.87.0","new_version":"3.92.0","repository_url":"https://github.com/electron/node-abi"},{"name":"protobufjs","old_version":"6.11.4","new_version":"6.11.6","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"pipenet","old_version":"1.4.0","new_version":"1.4.2","repository_url":"https://github.com/punkpeye/pipenet"},{"name":"pump","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/mafintosh/pump"},{"name":"qs","old_version":"6.15.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"side-channel-list","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/ljharb/side-channel-list"},{"name":"sql.js","old_version":"1.14.0","new_version":"1.14.1","repository_url":"https://github.com/sql-js/sql.js"},{"name":"strtok3","old_version":"10.3.4","new_version":"10.3.5","repository_url":"https://github.com/Borewit/strtok3"},{"name":"type-is","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/jshttp/type-is"},{"name":"undici","old_version":"7.22.0","new_version":"7.27.0","repository_url":"https://github.com/nodejs/undici"},{"name":"validator","old_version":"13.15.26","new_version":"13.15.35","repository_url":"https://github.com/validatorjs/validator.js"},{"name":"ws","old_version":"8.19.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"yaml","old_version":"2.8.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"zod-to-json-schema","old_version":"3.25.1","new_version":"3.25.2","repository_url":"https://github.com/StefanTerdell/zod-to-json-schema"}],"path":null,"ecosystem":"npm"},"body":"Bumps the production-dependencies group with 58 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.18.0` | `8.20.0` |\n| [cosmiconfig](https://github.com/cosmiconfig/cosmiconfig) | `9.0.0` | `9.0.1` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |\n| [@anthropic-ai/claude-code](https://github.com/anthropics/claude-code) | `2.1.50` | `2.1.160` |\n| [@babel/code-frame](https://github.com/babel/babel/tree/HEAD/packages/babel-code-frame) | `7.29.0` | `7.29.7` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.28.6` | `7.29.7` |\n| [@borewit/text-codec](https://github.com/Borewit/text-codec) | `0.2.1` | `0.2.2` |\n| [@google/genai](https://github.com/googleapis/js-genai) | `1.42.0` | `1.52.0` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.26.0` | `1.29.0` |\n| [@protobufjs/codegen](https://github.com/dcodeIO/protobuf.js) | `2.0.4` | `2.0.5` |\n| [@protobufjs/eventemitter](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@protobufjs/fetch](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@protobufjs/inquire](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.2` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.97.0` | `2.106.2` |\n| [fastmcp](https://github.com/punkpeye/fastmcp) | `3.33.0` | `3.35.0` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [b4a](https://github.com/holepunchto/b4a) | `1.8.0` | `1.8.1` |\n| [bare-events](https://github.com/holepunchto/bare-events) | `2.8.2` | `2.8.3` |\n| [bare-fs](https://github.com/holepunchto/bare-fs) | `4.5.4` | `4.7.1` |\n| [bare-os](https://github.com/holepunchto/bare-os) | `3.6.2` | `3.9.1` |\n| [bare-path](https://github.com/holepunchto/bare-path) | `3.0.0` | `3.0.1` |\n| [bare-stream](https://github.com/holepunchto/bare-stream) | `2.8.0` | `2.13.1` |\n| [bare-url](https://github.com/holepunchto/bare-url) | `2.3.2` | `2.4.3` |\n| [es-object-atoms](https://github.com/ljharb/es-object-atoms) | `1.1.1` | `1.1.2` |\n| [eventsource-parser](https://github.com/rexxars/eventsource-parser) | `3.0.6` | `3.1.0` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.5.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [figlet](https://github.com/patorjk/figlet.js) | `1.10.0` | `1.11.0` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.4` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` |\n| [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.4.1` |\n| [gaxios](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/gaxios) | `7.1.3` | `7.1.4` |\n| [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` |\n| [google-auth-library](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/google-auth-library-nodejs) | `10.5.0` | `10.6.2` |\n| [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.4` |\n| [hono](https://github.com/honojs/hono) | `4.12.1` | `4.12.23` |\n| [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` |\n| [koa](https://github.com/koajs/koa) | `3.1.1` | `3.2.1` |\n| [mcp-proxy](https://github.com/punkpeye/mcp-proxy) | `6.4.0` | `6.5.1` |\n| [nan](https://github.com/nodejs/nan) | `2.25.0` | `2.27.0` |\n| [node-abi](https://github.com/electron/node-abi) | `3.87.0` | `3.92.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.4` | `6.11.6` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [pipenet](https://github.com/punkpeye/pipenet) | `1.4.0` | `1.4.2` |\n| [pump](https://github.com/mafintosh/pump) | `3.0.3` | `3.0.4` |\n| [qs](https://github.com/ljharb/qs) | `6.15.0` | `6.15.2` |\n| [side-channel-list](https://github.com/ljharb/side-channel-list) | `1.0.0` | `1.0.1` |\n| [sql.js](https://github.com/sql-js/sql.js) | `1.14.0` | `1.14.1` |\n| [strtok3](https://github.com/Borewit/strtok3) | `10.3.4` | `10.3.5` |\n| [type-is](https://github.com/jshttp/type-is) | `2.0.1` | `2.1.0` |\n| [undici](https://github.com/nodejs/undici) | `7.22.0` | `7.27.0` |\n| [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |\n| [zod-to-json-schema](https://github.com/StefanTerdell/zod-to-json-schema) | `3.25.1` | `3.25.2` |\n\n\nUpdates `ajv` from 8.18.0 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cosmiconfig` from 9.0.0 to 9.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/blob/main/CHANGELOG.md\"\u003ecosmiconfig's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a race condition where multiple instances existing simultaneously could cause cosmiconfig to fail to load TypeScript config files.\u003c/li\u003e\n\u003cli\u003eFixed an issue on Windows where CWD being a short path (e.g. \u003ccode\u003eC:\\Users\\USERNA~1\u003c/code\u003e) would cause cosmiconfig to fail to load ESM config files.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/9a5cda3785913cce1eb5fa257e5994914b9ec599\"\u003e\u003ccode\u003e9a5cda3\u003c/code\u003e\u003c/a\u003e 9.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/2174017c97461f3bcc9873e613a886cb6f68b2b9\"\u003e\u003ccode\u003e2174017\u003c/code\u003e\u003c/a\u003e update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/536d4a02a00a571f4fd9aeff4d8305734d2a1847\"\u003e\u003ccode\u003e536d4a0\u003c/code\u003e\u003c/a\u003e Prevent race conditions when running multiple instances of \u003ccode\u003ecosmiconfig\u003c/code\u003e and ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/4b48611addab10e87336d09d681bc4de42ed85db\"\u003e\u003ccode\u003e4b48611\u003c/code\u003e\u003c/a\u003e remove debug log\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/53d17450120e1cb656484f81331b3e105b1e6bf4\"\u003e\u003ccode\u003e53d1745\u003c/code\u003e\u003c/a\u003e remove more EOL node versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/7c1a1e328beb830da829c8191e9a74e4a69b61e0\"\u003e\u003ccode\u003e7c1a1e3\u003c/code\u003e\u003c/a\u003e replace resolve with realpath\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/fcc908446c8869d025778f0149265480ab6272be\"\u003e\u003ccode\u003efcc9084\u003c/code\u003e\u003c/a\u003e add additional path.resolve for windows short paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/7e995c859ede41181850cbf320fe53ff22400482\"\u003e\u003ccode\u003e7e995c8\u003c/code\u003e\u003c/a\u003e debug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/52b6b1c9fa43230b6b034a6319c18ffc33f29d30\"\u003e\u003ccode\u003e52b6b1c\u003c/code\u003e\u003c/a\u003e drop node 14 build as it seems to fail for unreachable reasons\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/commit/db45e388b3cc33d2ea993ea4f4845bad86c9ca81\"\u003e\u003ccode\u003edb45e38\u003c/code\u003e\u003c/a\u003e fix tests on windows (3)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cosmiconfig/cosmiconfig/compare/v9.0.0...v9.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.2.0] - 2026-06-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003edocs/safety.md\u003c/code\u003e with notes about processing untrusted YAML.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxDepth\u003c/code\u003e (100) loader option. Not a problem, but gives a better\nexception instead of RangeError on stack overflow.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxMergeSeqLength\u003c/code\u003e (20) loader option. Not a problem after \u003ccode\u003emerge\u003c/code\u003e fix,\nbut an additional restriction for safety.\u003c/li\u003e\n\u003cli\u003eAdded sourcemaps to \u003ccode\u003edist/\u003c/code\u003e builds.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStop resolving numbers with underscores as numeric scalars, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/627\"\u003e#627\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSwitched dev toolchains to Vite / neostandard.\u003c/li\u003e\n\u003cli\u003eUpdated demo.\u003c/li\u003e\n\u003cli\u003eReorganized tests.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e files are no longer kept in the repository.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of properties on the first implicit block mapping key, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/62\"\u003e#62\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix trailing whitespace handling when folding flow scalar lines, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject top-level block scalars without content indentation, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/280\"\u003e#280\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure numbers survive round-trip, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/737\"\u003e#737\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix test coverage for issue \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/221\"\u003e#221\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix flow scalar trailing whitespace folding, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix digits in YAML named tag handles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential DoS via quadratic complexity in merge - deduplicate repeated\nelements (makes sense for malformed files \u0026gt; 10K).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@anthropic-ai/claude-code` from 2.1.50 to 2.1.160\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/claude-code/releases\"\u003e@​anthropic-ai/claude-code's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.160\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a prompt before writing to shell startup files (\u003ccode\u003e.zshenv\u003c/code\u003e, \u003ccode\u003e.zlogin\u003c/code\u003e, \u003ccode\u003e.bash_login\u003c/code\u003e) and \u003ccode\u003e~/.config/git/\u003c/code\u003e, which could otherwise lead to unintended command execution\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eacceptEdits\u003c/code\u003e mode now prompts before writing build-tool config files that grant code execution (\u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.yarnrc*\u003c/code\u003e, \u003ccode\u003ebunfig.toml\u003c/code\u003e, \u003ccode\u003e.bazelrc\u003c/code\u003e, \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e, \u003ccode\u003e.devcontainer/\u003c/code\u003e, etc.)\u003c/li\u003e\n\u003cli\u003eEdit no longer requires a separate Read after viewing a file with \u003ccode\u003egrep\u003c/code\u003e: single-file \u003ccode\u003egrep\u003c/code\u003e/\u003ccode\u003eegrep\u003c/code\u003e/\u003ccode\u003efgrep\u003c/code\u003e commands now satisfy the read-before-edit check\u003c/li\u003e\n\u003cli\u003eFixed copy-on-select not writing to the Windows clipboard on WSL — now uses PowerShell interop instead of OSC 52, which terminals like MobaXterm don't support\u003c/li\u003e\n\u003cli\u003eFixed restoring a completed session from \u003ccode\u003eclaude agents\u003c/code\u003e dropping chat history and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed background sessions re-attached after overnight retire losing their conversation and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude --bg\u003c/code\u003e occasionally failing with \u0026quot;socket missing\u0026quot; when the background daemon was cold-starting on a loaded machine\u003c/li\u003e\n\u003cli\u003eFixed an issue on Windows where the directory a background session was started in could not be deleted after \u003ccode\u003eclaude rm\u003c/code\u003e until the background daemon exited\u003c/li\u003e\n\u003cli\u003eFixed background agents that resumed work being shown under Completed in the agents list\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude agents\u003c/code\u003e freezing for several seconds when returning to the session list due to the auto-updater re-checking on every exit\u003c/li\u003e\n\u003cli\u003eFixed Esc, arrow keys, and typing becoming unresponsive on Windows when attached to a background session or in the agent view while the host is under heavy CPU load\u003c/li\u003e\n\u003cli\u003eFixed background agents emitting terminal sync-output markers to terminals that don't support them (Apple Terminal, tmux), causing render artifacts when entering a running agent\u003c/li\u003e\n\u003cli\u003eFixed mouse wheel scrolling prompt history instead of the transcript right after opening a session from the agents list\u003c/li\u003e\n\u003cli\u003eFixed CJK IME composition appearing at the bottom-left of the screen instead of at the input caret in the \u003ccode\u003eclaude agents\u003c/code\u003e view\u003c/li\u003e\n\u003cli\u003eFixed valid \u003ccode\u003efile:///C:/...\u003c/code\u003e links being rewritten to a broken path on Windows terminals with hyperlink support\u003c/li\u003e\n\u003cli\u003eFixed voice mode failing to connect when the project directory or branch name contains non-ASCII or special characters\u003c/li\u003e\n\u003cli\u003eFixed the auto mode unavailability message on third-party providers (Bedrock/Vertex/Foundry) to point to the \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE\u003c/code\u003e opt-in instead of incorrectly blaming the model\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e/effort ultracode\u003c/code\u003e incorrectly blaming the dynamic workflows setting when the model cannot run xhigh; ultracode is no longer offered on models that do not support it\u003c/li\u003e\n\u003cli\u003eFixed model-not-found errors suggesting \u003ccode\u003e--model\u003c/code\u003e when running via the SDK or other hosts where the CLI flag doesn't apply\u003c/li\u003e\n\u003cli\u003eFixed Claude's past replies disappearing from scrollback when resuming a brief mode session with brief mode turned off\u003c/li\u003e\n\u003cli\u003eFixed vim mode \u003ccode\u003ep\u003c/code\u003e pasting on the line below instead of at the cursor when the register was yanked with \u003ccode\u003ev$\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved performance of opening recently-inactive background agent sessions in \u003ccode\u003eclaude agents\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved auto mode classifier latency by reducing reasoning on routine actions, lowering the chance of \u0026quot;could not evaluate this action\u0026quot; blocks\u003c/li\u003e\n\u003cli\u003eImproved background-session teardown (\u003ccode\u003eclaude rm\u003c/code\u003e/\u003ccode\u003estop\u003c/code\u003e, idle reap) to send SIGTERM to running shell subprocesses before SIGKILL, so cleanup handlers run\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eCLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE\u003c/code\u003e; the environment variable is now a no-op\u003c/li\u003e\n\u003cli\u003eRemoved the JetBrains plugin install suggestion from startup\u003c/li\u003e\n\u003cli\u003eRenamed the dynamic-workflow trigger keyword from \u003ccode\u003eworkflow\u003c/code\u003e to \u003ccode\u003eultracode\u003c/code\u003e. The word \u0026quot;workflow\u0026quot; no longer triggers a run; asking for one in your own words still works. The trigger keyword is highlighted in violet in the prompt input\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.1.159\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInternal infrastructure improvements (no user-facing changes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.1.158\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuto mode is now available on Bedrock, Vertex, and Foundry for Opus 4.7 and Opus 4.8. Opt in by setting \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE=1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.1.157\u003c/h2\u003e\n\u003ch2\u003eWhat's changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePlugins in \u003ccode\u003e.claude/skills\u003c/code\u003e directories are now automatically loaded, no marketplace required\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eclaude plugin init \u0026lt;name\u0026gt;\u003c/code\u003e to scaffold a new plugin in \u003ccode\u003e.claude/skills\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded autocomplete for \u003ccode\u003e/plugin\u003c/code\u003e arguments: subcommands, installed plugin names, and plugins from known marketplaces\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eclaude agents\u003c/code\u003e: the \u003ccode\u003eagent\u003c/code\u003e field in \u003ccode\u003esettings.json\u003c/code\u003e is now honored for dispatched sessions, with \u003ccode\u003e--agent \u0026lt;name\u0026gt;\u003c/code\u003e to override it\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnterWorktree\u003c/code\u003e can now switch between Claude-managed worktrees mid-session\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etool_decision\u003c/code\u003e telemetry events now include \u003ccode\u003etool_parameters\u003c/code\u003e (bash commands, MCP/skill names) when \u003ccode\u003eOTEL_LOG_TOOL_DETAILS=1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md\"\u003e@​anthropic-ai/claude-code's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.160\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a prompt before writing to shell startup files (\u003ccode\u003e.zshenv\u003c/code\u003e, \u003ccode\u003e.zlogin\u003c/code\u003e, \u003ccode\u003e.bash_login\u003c/code\u003e) and \u003ccode\u003e~/.config/git/\u003c/code\u003e, which could otherwise lead to unintended command execution\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eacceptEdits\u003c/code\u003e mode now prompts before writing build-tool config files that grant code execution (\u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.yarnrc*\u003c/code\u003e, \u003ccode\u003ebunfig.toml\u003c/code\u003e, \u003ccode\u003e.bazelrc\u003c/code\u003e, \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e, \u003ccode\u003e.devcontainer/\u003c/code\u003e, etc.)\u003c/li\u003e\n\u003cli\u003eEdit no longer requires a separate Read after viewing a file with \u003ccode\u003egrep\u003c/code\u003e: single-file \u003ccode\u003egrep\u003c/code\u003e/\u003ccode\u003eegrep\u003c/code\u003e/\u003ccode\u003efgrep\u003c/code\u003e commands now satisfy the read-before-edit check\u003c/li\u003e\n\u003cli\u003eFixed copy-on-select not writing to the Windows clipboard on WSL — now uses PowerShell interop instead of OSC 52, which terminals like MobaXterm don't support\u003c/li\u003e\n\u003cli\u003eFixed restoring a completed session from \u003ccode\u003eclaude agents\u003c/code\u003e dropping chat history and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed background sessions re-attached after overnight retire losing their conversation and re-running the original prompt\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude --bg\u003c/code\u003e occasionally failing with \u0026quot;socket missing\u0026quot; when the background daemon was cold-starting on a loaded machine\u003c/li\u003e\n\u003cli\u003eFixed an issue on Windows where the directory a background session was started in could not be deleted after \u003ccode\u003eclaude rm\u003c/code\u003e until the background daemon exited\u003c/li\u003e\n\u003cli\u003eFixed background agents that resumed work being shown under Completed in the agents list\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude agents\u003c/code\u003e freezing for several seconds when returning to the session list due to the auto-updater re-checking on every exit\u003c/li\u003e\n\u003cli\u003eFixed Esc, arrow keys, and typing becoming unresponsive on Windows when attached to a background session or in the agent view while the host is under heavy CPU load\u003c/li\u003e\n\u003cli\u003eFixed background agents emitting terminal sync-output markers to terminals that don't support them (Apple Terminal, tmux), causing render artifacts when entering a running agent\u003c/li\u003e\n\u003cli\u003eFixed mouse wheel scrolling prompt history instead of the transcript right after opening a session from the agents list\u003c/li\u003e\n\u003cli\u003eFixed CJK IME composition appearing at the bottom-left of the screen instead of at the input caret in the \u003ccode\u003eclaude agents\u003c/code\u003e view\u003c/li\u003e\n\u003cli\u003eFixed valid \u003ccode\u003efile:///C:/...\u003c/code\u003e links being rewritten to a broken path on Windows terminals with hyperlink support\u003c/li\u003e\n\u003cli\u003eFixed voice mode failing to connect when the project directory or branch name contains non-ASCII or special characters\u003c/li\u003e\n\u003cli\u003eFixed the auto mode unavailability message on third-party providers (Bedrock/Vertex/Foundry) to point to the \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE\u003c/code\u003e opt-in instead of incorrectly blaming the model\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e/effort ultracode\u003c/code\u003e incorrectly blaming the dynamic workflows setting when the model cannot run xhigh; ultracode is no longer offered on models that do not support it\u003c/li\u003e\n\u003cli\u003eFixed model-not-found errors suggesting \u003ccode\u003e--model\u003c/code\u003e when running via the SDK or other hosts where the CLI flag doesn't apply\u003c/li\u003e\n\u003cli\u003eFixed Claude's past replies disappearing from scrollback when resuming a brief mode session with brief mode turned off\u003c/li\u003e\n\u003cli\u003eFixed vim mode \u003ccode\u003ep\u003c/code\u003e pasting on the line below instead of at the cursor when the register was yanked with \u003ccode\u003ev$\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved performance of opening recently-inactive background agent sessions in \u003ccode\u003eclaude agents\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImproved auto mode classifier latency by reducing reasoning on routine actions, lowering the chance of \u0026quot;could not evaluate this action\u0026quot; blocks\u003c/li\u003e\n\u003cli\u003eImproved background-session teardown (\u003ccode\u003eclaude rm\u003c/code\u003e/\u003ccode\u003estop\u003c/code\u003e, idle reap) to send SIGTERM to running shell subprocesses before SIGKILL, so cleanup handlers run\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eCLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE\u003c/code\u003e; the environment variable is now a no-op\u003c/li\u003e\n\u003cli\u003eRemoved the JetBrains plugin install suggestion from startup\u003c/li\u003e\n\u003cli\u003eRenamed the dynamic-workflow trigger keyword from \u003ccode\u003eworkflow\u003c/code\u003e to \u003ccode\u003eultracode\u003c/code\u003e. The word \u0026quot;workflow\u0026quot; no longer triggers a run; asking for one in your own words still works. The trigger keyword is highlighted in violet in the prompt input\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.159\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInternal infrastructure improvements (no user-facing changes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.158\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuto mode is now available on Bedrock, Vertex, and Foundry for Opus 4.7 and Opus 4.8. Opt in by setting \u003ccode\u003eCLAUDE_CODE_ENABLE_AUTO_MODE=1\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.157\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePlugins in \u003ccode\u003e.claude/skills\u003c/code\u003e directories are now automatically loaded, no marketplace required\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eclaude plugin init \u0026lt;name\u0026gt;\u003c/code\u003e to scaffold a new plugin in \u003ccode\u003e.claude/skills\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded autocomplete for \u003ccode\u003e/plugin\u003c/code\u003e arguments: subcommands, installed plugin names, and plugins from known marketplaces\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eclaude agents\u003c/code\u003e: the \u003ccode\u003eagent\u003c/code\u003e field in \u003ccode\u003esettings.json\u003c/code\u003e is now honored for dispatched sessions, with \u003ccode\u003e--agent \u0026lt;name\u0026gt;\u003c/code\u003e to override it\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnterWorktree\u003c/code\u003e can now switch between Claude-managed worktrees mid-session\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etool_decision\u003c/code\u003e telemetry events now include \u003ccode\u003etool_parameters\u003c/code\u003e (bash commands, MCP/skill names) when \u003ccode\u003eOTEL_LOG_TOOL_DETAILS=1\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWorktrees managed by Claude are now left unlocked when the agent finishes, so \u003ccode\u003egit worktree remove\u003c/code\u003e/\u003ccode\u003eprune\u003c/code\u003e can clean them up\u003c/li\u003e\n\u003cli\u003eFixed unprocessable images (zero-byte, corrupt) attached via paste, MCP, or dialog crashing the request instead of becoming a text placeholder\u003c/li\u003e\n\u003cli\u003eFixed sandbox network permission prompts appearing in auto and bypass-permissions mode when using the desktop app, IDE extensions, or SDK\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eclaude agents\u003c/code\u003e completed sessions not retiring when an idle subagent was still parked or had leaked a backgrounded shell\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/bdb04fc52421537f63bbcb9685e1c0905689f8f7\"\u003e\u003ccode\u003ebdb04fc\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/8bae02d5319c619f84f51476188e5b28b2e5816b\"\u003e\u003ccode\u003e8bae02d\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/295dee881d0e1c1d0cd22fe171e4c1d07118fb04\"\u003e\u003ccode\u003e295dee8\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/8d0fbf451ace0d291f1cdae824c66e1227e117c4\"\u003e\u003ccode\u003e8d0fbf4\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/2d5c3c6c85048de7a4426a91268076807ebaeba5\"\u003e\u003ccode\u003e2d5c3c6\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/1696f2229402f16f12a19170d2ad87d22459d544\"\u003e\u003ccode\u003e1696f22\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/3bb44552af73d65ae4afd663823bef05227d9769\"\u003e\u003ccode\u003e3bb4455\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/b7339920b69f4a395c28727a1e2305dc5b122cb2\"\u003e\u003ccode\u003eb733992\u003c/code\u003e\u003c/a\u003e chore: Update CHANGELOG.md and feed.xml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/d08288e09fe95340a68d58ae3fd783cb56494781\"\u003e\u003ccode\u003ed08288e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/anthropics/claude-code/issues/62592\"\u003e#62592\u003c/a\u003e from mhegazy/readme-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code/commit/bf4a74d9810e07134bb69550f7fbae8ada50b84a\"\u003e\u003ccode\u003ebf4a74d\u003c/code\u003e\u003c/a\u003e Update docs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/claude-code/compare/v2.1.50...v2.1.160\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003epostinstall\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/code-frame` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/code-frame's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-code-frame/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-code-frame\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/helper-validator-identifier` from 7.28.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/helper-validator-identifier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helper-validator-identifier/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-helper-validator-identifier\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/runtime` from 7.28.6 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-runtime\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@borewit/text-codec` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/text-codec/releases\"\u003e@​borewit/text-codec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: improve encoding correctness and update README \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/36\"\u003e#36\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/@borewit/text-codec/v/0.2.2\"\u003e@​borewit/text-codec@0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/c2ce9c502abb9276e832220ee6e4fa9c4105301a\"\u003e\u003ccode\u003ec2ce9c5\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/e2f070561c21930a4fb6855947304603b7b1a183\"\u003e\u003ccode\u003ee2f0705\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/23\"\u003e#23\u003c/a\u003e from Borewit/dependabot/npm_and_yarn/master/chai-6.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/5e58cb8acf430548b8432998cff75bbef08bdf3a\"\u003e\u003ccode\u003e5e58cb8\u003c/code\u003e\u003c/a\u003e Bump chai from 5.2.1 to 6.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/bc315b8d29fc3b62efabd5146c1e74b3794a91ef\"\u003e\u003ccode\u003ebc315b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/37\"\u003e#37\u003c/a\u003e from Borewit/update-biome\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/f32adfce86b67f1b0871d10be67fbf4b693f39b7\"\u003e\u003ccode\u003ef32adfc\u003c/code\u003e\u003c/a\u003e Update biome to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/7776373963362f621dce98087879db7363b4119f\"\u003e\u003ccode\u003e7776373\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Borewit/text-codec/issues/36\"\u003e#36\u003c/a\u003e from Borewit/fix-most-issue-exodus\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/text-codec/commit/068d7d45b404908b5eb0cbbb01cb5512b048f141\"\u003e\u003ccode\u003e068d7d4\u003c/code\u003e\u003c/a\u003e fix: improve encoding correctness and update README\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Borewit/text-codec/compare/v0.2.1...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@google/genai` from 1.42.0 to 1.52.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/js-genai/releases\"\u003e@​google/genai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.52.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.51.0...v1.52.0\"\u003e1.52.0\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Python] Multimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e626bef1a780a54b5b3fe04f062adf708335bd58\"\u003ee626bef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/54caf6bd4683939f3f3b6844252e5a19a90e7e9a\"\u003e54caf6b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.51.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.1...v1.51.0\"\u003e1.51.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (\u003ca href=\"https://github.com/googleapis/js-genai/commit/9e08ba923452a7028931ba4d054290115514578e\"\u003e9e08ba9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eoutput_info\u003c/code\u003e to \u003ccode\u003eBatchJob\u003c/code\u003e (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5327c605960c1e06ff987d488082704bdbae597a\"\u003e5327c60\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd gemini-3.1-flash-tts-preview model to options (\u003ca href=\"https://github.com/googleapis/js-genai/commit/35c941b024f7bff50fdcf155dda409d977b1cfcb\"\u003e35c941b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd ImageResizeMode for GenerateVideos (\u003ca href=\"https://github.com/googleapis/js-genai/commit/faa1088785f0a733b9b65af9f78229f464a9f4c3\"\u003efaa1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd new Gemini Deep Research agent models (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6f83a0533f6c9ea7cd97e218f313ebfbd77323ad\"\u003e6f83a05\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Vertex Dataset input and output options for batch jobs (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6aa848e9be75843821ba44db1e9947e4ee9cf899\"\u003e6aa848e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einteraction-api:\u003c/strong\u003e Add grounding tool usage breakdown to Interaction Usage. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e1c31ad0853be56ba0cddabe8eceb208eaf5c2a4\"\u003ee1c31ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eintroduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (\u003ca href=\"https://github.com/googleapis/js-genai/commit/cf7ad529f2b0d5b228ea238660f88df61305eacd\"\u003ecf7ad52\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace the more ambiguous rate field with sample_rate. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6c804649ec721d9e8ac20922252183eec5b57dc9\"\u003e6c80464\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.50.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.0...v1.50.1\"\u003e1.50.1\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor Webhook types in GenAI SDKs for easier useage (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5100abc2cec39c29a297545fe89a22b9ba2149bf\"\u003e5100abc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003ewebhooks.retrieve\u003c/code\u003e to \u003ccode\u003ewebhooks.get\u003c/code\u003e. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/db6e771cc3b6da984e7fe71ca7cc722303ee6a3b\"\u003edb6e771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.50.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.49.0...v1.50.0\"\u003e1.50.0\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003cstrong\u003eCRITICAL WARNING:\u003c/strong\u003e Do \u003cstrong\u003enot\u003c/strong\u003e use this version if you are implementing or relying on \u003cstrong\u003ewebhooks\u003c/strong\u003e. This release contains known issues regarding webhook sdk. Please use v1.51.0 or later.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u0026quot;eu\u0026quot; as a supported service location for Vertex AI platform. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/2493f9c6d10817766a22bb45eb65468b95f7ae87\"\u003e2493f9c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd DeepResearchAgentConfig fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/3615ca2063f65b313f9963b6f47a67be320a0edd\"\u003e3615ca2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Live Avatar new fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6a0ff9699ebea6cd517834e43d23bcb362f04aa8\"\u003e6a0ff96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new audio MIME types: opus, alaw, and mulaw (\u003ca href=\"https://github.com/googleapis/js-genai/commit/7137f13069bb65501b7816efb96924c40c2977cd\"\u003e7137f13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd webhook and webhookConfig for js and python sdk (\u003ca href=\"https://github.com/googleapis/js-genai/commit/0f8960591f5f6359558bd9aedd868e4747eb6834\"\u003e0f89605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd webhook_config to batches.create() and models.generate_videos() (\u003ca href=\"https://github.com/googleapis/js-genai/commit/894bc937de0fdacc018bbf585cdbb75daaa7f943\"\u003e894bc93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWire the webhook into python and js client. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/b6c5d189bc0ae98550c45333c5e7a9bc43648dd3\"\u003eb6c5d18\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md\"\u003e@​google/genai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.51.0...v1.52.0\"\u003e1.52.0\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Python] Multimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e626bef1a780a54b5b3fe04f062adf708335bd58\"\u003ee626bef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultimodal file search (\u003ca href=\"https://github.com/googleapis/js-genai/commit/54caf6bd4683939f3f3b6844252e5a19a90e7e9a\"\u003e54caf6b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.1...v1.51.0\"\u003e1.51.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (\u003ca href=\"https://github.com/googleapis/js-genai/commit/9e08ba923452a7028931ba4d054290115514578e\"\u003e9e08ba9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eoutput_info\u003c/code\u003e to \u003ccode\u003eBatchJob\u003c/code\u003e (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5327c605960c1e06ff987d488082704bdbae597a\"\u003e5327c60\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd gemini-3.1-flash-tts-preview model to options (\u003ca href=\"https://github.com/googleapis/js-genai/commit/35c941b024f7bff50fdcf155dda409d977b1cfcb\"\u003e35c941b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd ImageResizeMode for GenerateVideos (\u003ca href=\"https://github.com/googleapis/js-genai/commit/faa1088785f0a733b9b65af9f78229f464a9f4c3\"\u003efaa1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd new Gemini Deep Research agent models (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6f83a0533f6c9ea7cd97e218f313ebfbd77323ad\"\u003e6f83a05\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Vertex Dataset input and output options for batch jobs (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6aa848e9be75843821ba44db1e9947e4ee9cf899\"\u003e6aa848e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einteraction-api:\u003c/strong\u003e Add grounding tool usage breakdown to Interaction Usage. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/e1c31ad0853be56ba0cddabe8eceb208eaf5c2a4\"\u003ee1c31ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eintroduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (\u003ca href=\"https://github.com/googleapis/js-genai/commit/cf7ad529f2b0d5b228ea238660f88df61305eacd\"\u003ecf7ad52\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace the more ambiguous rate field with sample_rate. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6c804649ec721d9e8ac20922252183eec5b57dc9\"\u003e6c80464\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.50.0...v1.50.1\"\u003e1.50.1\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor Webhook types in GenAI SDKs for easier useage (\u003ca href=\"https://github.com/googleapis/js-genai/commit/5100abc2cec39c29a297545fe89a22b9ba2149bf\"\u003e5100abc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003ewebhooks.retrieve\u003c/code\u003e to \u003ccode\u003ewebhooks.get\u003c/code\u003e. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/db6e771cc3b6da984e7fe71ca7cc722303ee6a3b\"\u003edb6e771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.49.0...v1.50.0\"\u003e1.50.0\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u0026quot;eu\u0026quot; as a supported service location for Vertex AI platform. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/2493f9c6d10817766a22bb45eb65468b95f7ae87\"\u003e2493f9c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd DeepResearchAgentConfig fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/3615ca2063f65b313f9963b6f47a67be320a0edd\"\u003e3615ca2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Live Avatar new fields (\u003ca href=\"https://github.com/googleapis/js-genai/commit/6a0ff9699ebea6cd517834e43d23bcb362f04aa8\"\u003e6a0ff96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new audio MIME types: opus, alaw, and mulaw (\u003ca href=\"https://github.com/googleapis/js-genai/commit/7137f13069bb65501b7816efb96924c40c2977cd\"\u003e7137f13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd webhook and webhookConfig for js and python sdk (\u003ca href=\"https://github.com/googleapis/js-genai/commit/0f8960591f5f6359558bd9aedd868e4747eb6834\"\u003e0f89605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd webhook_config to batches.create() and models.generate_videos() (\u003ca href=\"https://github.com/googleapis/js-genai/commit/894bc937de0fdacc018bbf585cdbb75daaa7f943\"\u003e894bc93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWire the webhook into python and js client. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/b6c5d189bc0ae98550c45333c5e7a9bc43648dd3\"\u003eb6c5d18\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.48.0...v1.49.0\"\u003e1.49.0\u003c/a\u003e (2026-04-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce TYPE_L16 audio content and optional fields. (\u003ca href=\"https://github.com/googleapis/js-genai/commit/c62cb9a1025990ef52adf3fb5d379e180c27eb36\"\u003ec62cb9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/e8c8c4432a9ac650fb5b658b0777f7f42a268aba\"\u003e\u003ccode\u003ee8c8c44\u003c/code\u003e\u003c/a\u003e chore(main): release 1.52.0 (\u003ca href=\"https://redirect.github.com/googleapis/js-genai/issues/1546\"\u003e#1546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/50d81caa594935240d86b07b7958b9b11c5c4629\"\u003e\u003ccode\u003e50d81ca\u003c/code\u003e\u003c/a\u003e chore: [Multimodal FileSearch] Move embedding_model to body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/54caf6bd4683939f3f3b6844252e5a19a90e7e9a\"\u003e\u003ccode\u003e54caf6b\u003c/code\u003e\u003c/a\u003e feat: Multimodal file search\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/e626bef1a780a54b5b3fe04f062adf708335bd58\"\u003e\u003ccode\u003ee626bef\u003c/code\u003e\u003c/a\u003e feat: [Python] Multimodal file search\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/61013d63a8f7d73a3fc920daa66b6ef769cff2a9\"\u003e\u003ccode\u003e61013d6\u003c/code\u003e\u003c/a\u003e chore(main): release 1.51.0 (\u003ca href=\"https://redirect.github.com/googleapis/js-genai/issues/1503\"\u003e#1503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/8137d23260a267cc4c09e0fc22320afe82400650\"\u003e\u003ccode\u003e8137d23\u003c/code\u003e\u003c/a\u003e chore: add the deprecation marker back\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/734dab038058edabae8e855c4ff217bd0e9bfcd4\"\u003e\u003ccode\u003e734dab0\u003c/code\u003e\u003c/a\u003e chore: no-op\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/006286b61eb416ee8503aacf5016ab66598f2e2f\"\u003e\u003ccode\u003e006286b\u003c/code\u003e\u003c/a\u003e chore: Add page number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/986bbedaec6dd40c0d6b00774e2bcab4d35db06b\"\u003e\u003ccode\u003e986bbed\u003c/code\u003e\u003c/a\u003e chore: Adjust Webhook update to better reflect modifiable fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/js-genai/commit/e1c31ad0853be56ba0cddabe8eceb208eaf5c2a4\"\u003e\u003ccode\u003ee1c31ad\u003c/code\u003e\u003c/a\u003e feat(interaction-api): Add grounding tool usage breakdown to Interaction Usage.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/js-genai/compare/v1.42.0...v1.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003epreinstall\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.26.0 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/LLM-Dev-Ops/forge/pull/75","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LLM-Dev-Ops%2Fforge/issues/75","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/75/packages"}},{"old_version":"16.5.4","new_version":"21.3.4","update_type":"major","path":null,"pr_created_at":"2026-06-01T02:33:31.000Z","version_change":"16.5.4 → 21.3.4","issue":{"uuid":"4559906375","node_id":"PR_kwDORua-IM7hMwou","number":21,"state":"open","title":"chore(deps): bump file-type from 16.5.4 to 21.3.4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T02:33:31.000Z","updated_at":"2026-06-01T02:34:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"file-type","old_version":"16.5.4","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"}],"path":null,"ecosystem":"npm"},"body":"Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.4 to 21.3.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| file-type | [\u003e= 22.a, \u003c 23] |\n\u003c/details\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=file-type\u0026package-manager=npm_and_yarn\u0026previous-version=16.5.4\u0026new-version=21.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/thinhphan109/EasyRevise/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thinhphan109%2FEasyRevise/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"20.4.1","new_version":"21.3.4","update_type":"major","path":null,"pr_created_at":"2026-06-01T01:37:20.000Z","version_change":"20.4.1 → 21.3.4","issue":{"uuid":"4559719135","node_id":"PR_kwDOR5onnM7hMK44","number":18,"state":"closed","title":"build(deps): bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-01T01:48:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T01:37:20.000Z","updated_at":"2026-06-01T01:48:48.000Z","time_to_close":680,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"@nestjs/core","old_version":"10.4.15","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"postcss","old_version":"8.5.8","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"file-type","old_version":"20.4.1","new_version":"21.3.4"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) and [postcss](https://github.com/postcss/postcss).\n\nUpdates `@nestjs/core` from 10.4.15 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 20.4.1 to 21.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v20.4.1...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fernando-msa/InfraCare/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/fernando-msa/InfraCare/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fernando-msa%2FInfraCare/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"21.3.0","new_version":"21.3.2","update_type":"patch","path":null,"pr_created_at":"2026-05-26T18:28:59.000Z","version_change":"21.3.0 → 21.3.2","issue":{"uuid":"4526509805","node_id":"PR_kwDORerhds7fhqfC","number":15,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-02T00:28:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T18:28:59.000Z","updated_at":"2026-06-02T00:28:10.000Z","time_to_close":539949,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"undici","old_version":"7.21.0","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ws","old_version":"8.19.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"dompurify","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"music-metadata","old_version":"11.12.0","new_version":"11.12.3","repository_url":"https://github.com/Borewit/music-metadata"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [undici](https://github.com/nodejs/undici) | `7.21.0` | `7.24.0` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [music-metadata](https://github.com/Borewit/music-metadata) | `11.12.0` | `11.12.3` |\n\nBumps the npm_and_yarn group with 1 update in the /extensions/zalo directory: [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 2 updates in the /ui directory: [dompurify](https://github.com/cure53/DOMPurify) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.19.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.19.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.12.0 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix miscalculation Ogg/Vorbis, duration miscalculation \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2583\"\u003e#2583\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.1\"\u003emusic-metadata@11.12.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.12.0...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.12.0 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix miscalculation Ogg/Vorbis, duration miscalculation \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2583\"\u003e#2583\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.1\"\u003emusic-metadata@11.12.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.12.0...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.19.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.19.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://gith...\n\n_Description has been truncated_","html_url":"https://github.com/pierrecabell-commits/Alii-Core/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pierrecabell-commits%2FAlii-Core/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"16.5.4","new_version":"21.3.2","update_type":"major","path":null,"pr_created_at":"2026-05-24T00:01:02.000Z","version_change":"16.5.4 → 21.3.2","issue":{"uuid":"4509952342","node_id":"PR_kwDOK3-Xis7es_sG","number":663,"state":"open","title":"Bump file-type and ibm-cloud-sdk-core","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T00:01:02.000Z","updated_at":"2026-05-24T00:02:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"file-type","repository_url":"https://github.com/sindresorhus/file-type","old_version":"16.5.4","new_version":"21.3.2"},{"name":"ibm-cloud-sdk-core","repository_url":"https://github.com/IBM/node-sdk-core","old_version":"5.4.2","new_version":"5.4.20"}],"path":null,"ecosystem":"npm"},"body":"Bumps [file-type](https://github.com/sindresorhus/file-type) and [ibm-cloud-sdk-core](https://github.com/IBM/node-sdk-core). These dependencies needed to be updated together.\nUpdates `file-type` from 16.5.4 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ibm-cloud-sdk-core` from 5.4.2 to 5.4.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/IBM/node-sdk-core/releases\"\u003eibm-cloud-sdk-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.19...v5.4.20\"\u003e5.4.20\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump axios to 1.16.1 (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/358\"\u003e#358\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d10af781a918d3ccf843f293e51ca2ac1faeac8b\"\u003ed10af78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.19\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.18...v5.4.19\"\u003e5.4.19\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update typescript to fix incompatibility (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/355\"\u003e#355\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/ba450c67b185ddfe9158b77c02bd365da0cec1bb\"\u003eba450c6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.18\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.17...v5.4.18\"\u003e5.4.18\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e revert extend removal (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/353\"\u003e#353\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/bbd8b7f6d810c0c3f5d86ea66bc6ddf9427fccf0\"\u003ebbd8b7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.17\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.16...v5.4.17\"\u003e5.4.17\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cloning to deepmerge (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/352\"\u003e#352\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/3e05fb3229a0f080865f3278f4ec7b658eed3b67\"\u003e3e05fb3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.16\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.15...v5.4.16\"\u003e5.4.16\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e regenerate package-lock.json (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/351\"\u003e#351\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/9e76ad6596b779eaae5c4dfdd572f145522de96e\"\u003e9e76ad6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.15\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.14...v5.4.15\"\u003e5.4.15\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd test cases for new functions (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/350\"\u003e#350\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/c4b80daee3c1f18a84d756ac60c1d7d9a2b76d46\"\u003ec4b80da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.14\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.13...v5.4.14\"\u003e5.4.14\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/IBM/node-sdk-core/blob/main/CHANGELOG.md\"\u003eibm-cloud-sdk-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.19...v5.4.20\"\u003e5.4.20\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump axios to 1.16.1 (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/358\"\u003e#358\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d10af781a918d3ccf843f293e51ca2ac1faeac8b\"\u003ed10af78\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.18...v5.4.19\"\u003e5.4.19\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update typescript to fix incompatibility (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/355\"\u003e#355\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/ba450c67b185ddfe9158b77c02bd365da0cec1bb\"\u003eba450c6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.17...v5.4.18\"\u003e5.4.18\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e revert extend removal (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/353\"\u003e#353\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/bbd8b7f6d810c0c3f5d86ea66bc6ddf9427fccf0\"\u003ebbd8b7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.16...v5.4.17\"\u003e5.4.17\u003c/a\u003e (2026-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd cloning to deepmerge (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/352\"\u003e#352\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/3e05fb3229a0f080865f3278f4ec7b658eed3b67\"\u003e3e05fb3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.15...v5.4.16\"\u003e5.4.16\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e regenerate package-lock.json (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/351\"\u003e#351\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/9e76ad6596b779eaae5c4dfdd572f145522de96e\"\u003e9e76ad6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.14...v5.4.15\"\u003e5.4.15\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd test cases for new functions (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/350\"\u003e#350\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/c4b80daee3c1f18a84d756ac60c1d7d9a2b76d46\"\u003ec4b80da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.13...v5.4.14\"\u003e5.4.14\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e lock api-documenter version (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/349\"\u003e#349\u003c/a\u003e) (\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/6a6058898450c934841dad55f3c9cbe27b2758f0\"\u003e6a60588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.12...v5.4.13\"\u003e5.4.13\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d89aeded22ce167af392d5f2ecb5db30ec52bf4d\"\u003e\u003ccode\u003ed89aede\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.20 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/d10af781a918d3ccf843f293e51ca2ac1faeac8b\"\u003e\u003ccode\u003ed10af78\u003c/code\u003e\u003c/a\u003e fix(deps): bump axios to 1.16.1 (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/80a4a0c59e9b2b10a3e4d835b8001a005c246ff9\"\u003e\u003ccode\u003e80a4a0c\u003c/code\u003e\u003c/a\u003e build: switch mend config (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/357\"\u003e#357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/46a3753afc686b3eef7777c8d49dcac22f617a30\"\u003e\u003ccode\u003e46a3753\u003c/code\u003e\u003c/a\u003e build: switch base config for Mend (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/356\"\u003e#356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/55eec5a2e40532b88769164b24939a52b7aeba0c\"\u003e\u003ccode\u003e55eec5a\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.19 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/ba450c67b185ddfe9158b77c02bd365da0cec1bb\"\u003e\u003ccode\u003eba450c6\u003c/code\u003e\u003c/a\u003e fix(deps): update typescript to fix incompatibility (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/355\"\u003e#355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/20a0fb8f4f1382058640b457f545cb39854b2aa2\"\u003e\u003ccode\u003e20a0fb8\u003c/code\u003e\u003c/a\u003e build: disable Renovate (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/354\"\u003e#354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/2e592ef79b86ffe2d596b4e04df90116eb40e1d5\"\u003e\u003ccode\u003e2e592ef\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.18 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/bbd8b7f6d810c0c3f5d86ea66bc6ddf9427fccf0\"\u003e\u003ccode\u003ebbd8b7f\u003c/code\u003e\u003c/a\u003e fix(deps): revert extend removal (\u003ca href=\"https://redirect.github.com/IBM/node-sdk-core/issues/353\"\u003e#353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/IBM/node-sdk-core/commit/31b100d1d661b1d51693ce63b50a547ef4d11de0\"\u003e\u003ccode\u003e31b100d\u003c/code\u003e\u003c/a\u003e chore(release): 5.4.17 [skip ci]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/IBM/node-sdk-core/compare/v5.4.2...v5.4.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yuiseki/charites-ai/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yuiseki/charites-ai/pull/663","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuiseki%2Fcharites-ai/issues/663","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/663/packages"}},{"old_version":"21.3.0","new_version":"21.3.4","update_type":"patch","path":null,"pr_created_at":"2026-05-23T14:50:28.000Z","version_change":"21.3.0 → 21.3.4","issue":{"uuid":"4508591203","node_id":"PR_kwDOSTefEM7eo_1p","number":8,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 8 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T09:44:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T14:50:28.000Z","updated_at":"2026-05-24T09:45:00.000Z","time_to_close":68070,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@opentelemetry/exporter-prometheus","old_version":"0.52.1","new_version":"removed","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"axios","old_version":"1.13.6","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"file-type","old_version":"21.3.0","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"ws","old_version":"8.18.3","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"hono","old_version":"4.12.3","new_version":"4.12.22","repository_url":"https://github.com/honojs/hono"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"qs","old_version":"6.15.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"undici","old_version":"7.22.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"vite","old_version":"5.4.21","new_version":"8.0.14","repository_url":"https://github.com/vitejs/vite"},{"name":"yaml","old_version":"2.8.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@opentelemetry/exporter-prometheus](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `removed` |\n| [axios](https://github.com/axios/axios) | `1.13.6` | `1.16.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.21.0` |\n| [hono](https://github.com/honojs/hono) | `4.12.3` | `4.12.22` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [qs](https://github.com/ljharb/qs) | `6.15.0` | `6.15.2` |\n| [undici](https://github.com/nodejs/undici) | `7.22.0` | `7.25.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `8.0.14` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |\n\nBumps the npm_and_yarn group with 20 updates in the /ruflo/src/ruvocal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.0.0` | `21.3.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [ws](https://github.com/websockets/ws) | `8.18.2` | `8.21.0` |\n| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.22` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.4` | `8.5.15` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.24.0` |\n| [uuid](https://github.com/uuidjs/uuid) | `10.0.0` | `14.0.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.52.2` | `2.61.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n\nBumps the npm_and_yarn group with 2 updates in the /ruflo/src/ruvocal/mcp-bridge directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 3 updates in the /v2 directory: [axios](https://github.com/axios/axios), [fast-uri](https://github.com/fastify/fast-uri) and [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 1 update in the /v2/examples/05-swarm-apps/rest-api-advanced directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 3 updates in the /v2/examples/rest-api-simple directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 2 updates in the /v3 directory: [ws](https://github.com/websockets/ws) and [yaml](https://github.com/eemeli/yaml).\nBumps the npm_and_yarn group with 3 updates in the /v3/plugins/gastown-bridge directory: [postcss](https://github.com/postcss/postcss), [uuid](https://github.com/uuidjs/uuid) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `@opentelemetry/exporter-prometheus`\n\nUpdates `axios` from 1.13.6 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.6...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.3.0 to 21.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.3 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.3...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.3 to 4.12.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(route): preserve the base path of the mounted route() app by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4942\"\u003ehonojs/hono#4942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jsx): widen jsx and jsxFn children to Child[] by \u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.19...v4.12.20\"\u003ehttps://github.com/honojs/hono/compare/v4.12.19...v4.12.20\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a192df0844724aeaf5cbc6f1ea2f8425d3f8a86a\"\u003e\u003ccode\u003ea192df0\u003c/code\u003e\u003c/a\u003e fix(mime): specify charset parameter per MIME type instead of mechanical dete...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf6ef7056a59acdc5cd2eacdca201147885d3e54\"\u003e\u003ccode\u003ecf6ef70\u003c/code\u003e\u003c/a\u003e chore: update vitest to v4 and cleanups (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4952\"\u003e#4952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a83ddb882e0c0b8c336050dba087bb2e1b12488e\"\u003e\u003ccode\u003ea83ddb8\u003c/code\u003e\u003c/a\u003e 4.12.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1\"\u003e\u003ccode\u003e6cbb025\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c831020fb1fa2e929d222f6c84e1abfe013e512b\"\u003e\u003ccode\u003ec831020\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d\"\u003e\u003ccode\u003e905aedb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.3...v4.12.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types...\n\n_Description has been truncated_","html_url":"https://github.com/michaelhughes2501/ruflo/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelhughes2501%2Fruflo/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"21.1.0","new_version":"21.3.4","update_type":"minor","path":null,"pr_created_at":"2026-05-23T09:39:48.000Z","version_change":"21.1.0 → 21.3.4","issue":{"uuid":"4507665987","node_id":"PR_kwDOQq4Zds7emFwV","number":1,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T09:39:48.000Z","updated_at":"2026-05-23T09:41:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"@nestjs/core","old_version":"11.1.9","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"next","old_version":"16.0.10","new_version":"16.2.6","repository_url":"https://github.com/vercel/next.js"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"esbuild","old_version":"0.14.47","new_version":"0.27.0","repository_url":"https://github.com/evanw/esbuild"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"file-type","old_version":"21.1.0","new_version":"21.3.4","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"qs","old_version":"6.14.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"removed","repository_url":"https://github.com/yahoo/serialize-javascript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.9` | `11.1.18` |\n| [next](https://github.com/vercel/next.js) | `16.0.10` | `16.2.6` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.14.47` | `0.27.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.1.0` | `21.3.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n\nBumps the npm_and_yarn group with 1 update in the /apps/web directory: [next](https://github.com/vercel/next.js).\n\nUpdates `@nestjs/core` from 11.1.9 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 16.0.10 to 16.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.6\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - \u003cstrong\u003eIncomplete Fix Follow-Up\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eModerate:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eLow:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve HTTP access fallbacks during prerender recovery (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92231\"\u003e#92231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fallback route params case in app-page handler (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91737\"\u003e#91737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix invalid HTML response for route-level RSC requests in deployment adapter (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91541\"\u003e#91541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePatch setHeader for direct route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93101\"\u003e#93101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude deployment id in \u003ccode\u003ecacheHandlers\u003c/code\u003e keys (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93453\"\u003e#93453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double-encoding of URL pathname parts in client param parsing (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93491\"\u003e#93491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev16.2.5\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ee6e79b1792a4d401ddf2480f40a83549fe8e722\"\u003e\u003ccode\u003eee6e79b\u003c/code\u003e\u003c/a\u003e v16.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/afa053d9eb9c2a68c7eba43e84fe6bed8babcd45\"\u003e\u003ccode\u003eafa053d\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/97a154e5bbee0cb1ac3fb8aa4db66ac36e796e3d\"\u003e\u003ccode\u003e97a154e\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/83899bc89103d4df1479e065c7c1e09d4698a7b6\"\u003e\u003ccode\u003e83899bc\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/7b222b90954d607fc28a34e9b360a9b1636bc206\"\u003e\u003ccode\u003e7b222b9\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93595\"\u003e#93595\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8dc24f1fe23d4a22d24fac734837f7c824138f7\"\u003e\u003ccode\u003ea8dc24f\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93587\"\u003e#93587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/766148f9cd48c0e218acafcd0f15defc14871bf4\"\u003e\u003ccode\u003e766148f\u003c/code\u003e\u003c/a\u003e v16.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/0dd94836a8b43209fcfefa448c141683c22c1a27\"\u003e\u003ccode\u003e0dd9483\u003c/code\u003e\u003c/a\u003e fix: add explicit checks for RSC header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/83\"\u003e#83\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d166096c399c4fc4e09cd2d1bf26dca6579a855d\"\u003e\u003ccode\u003ed166096\u003c/code\u003e\u003c/a\u003e fix proxy matching for segment prefetch URLs (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/89\"\u003e#89\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9d50c0b7190f59c470308578e12882788819f14c\"\u003e\u003ccode\u003e9d50c0b\u003c/code\u003e\u003c/a\u003e Strip next-resume header from incoming requests (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v16.0.10...v16.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.14.47 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.27.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis release deliberately contains backwards-incompatible changes.\u003c/strong\u003e To avoid automatically picking up releases like this, you should either be pinning the exact version of \u003ccode\u003eesbuild\u003c/code\u003e in your \u003ccode\u003epackage.json\u003c/code\u003e file (recommended) or be using a version range syntax that only accepts patch upgrades such as \u003ccode\u003e^0.26.0\u003c/code\u003e or \u003ccode\u003e~0.26.0\u003c/code\u003e. See npm's documentation about \u003ca href=\"https://docs.npmjs.com/cli/v6/using-npm/semver/\"\u003esemver\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUse \u003ccode\u003eUint8Array.fromBase64\u003c/code\u003e if available (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4286\"\u003e#4286\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild's \u003ccode\u003ebinary\u003c/code\u003e loader will now use the new \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/fromBase64\"\u003e\u003ccode\u003eUint8Array.fromBase64\u003c/code\u003e\u003c/a\u003e function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify \u003ccode\u003etarget\u003c/code\u003e when using this feature with Node (for example \u003ccode\u003e--target=node22\u003c/code\u003e) unless you're using Node v25+.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the Go compiler from v1.23.12 to v1.25.4 (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4208\"\u003e#4208\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4311\"\u003e#4311\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis raises the operating system requirements for running esbuild:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLinux: now requires a kernel version of 3.2 or later\u003c/li\u003e\n\u003cli\u003emacOS: now requires macOS 12 (Monterey) or later\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.26.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEnable trusted publishing (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4281\"\u003e#4281\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eGitHub and npm are recommending that maintainers for packages such as esbuild switch to \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing\u003c/a\u003e. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.\u003c/p\u003e\n\u003cp\u003eUnfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2022.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2022\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).\u003c/p\u003e\n\u003ch2\u003e0.16.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eLoader defaults to \u003ccode\u003ejs\u003c/code\u003e for extensionless files (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/2776\"\u003e#2776\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCertain packages contain files without an extension. For example, the \u003ccode\u003eyargs\u003c/code\u003e package contains the file \u003ccode\u003eyargs/yargs\u003c/code\u003e which has no extension. Node, Webpack, and Parcel can all understand code that imports \u003ccode\u003eyargs/yargs\u003c/code\u003e because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCLI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eesbuild --bundle --loader:=css\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eJS:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eesbuild.build({\n  bundle: true,\n  loader: { '': 'css' },\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGo:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eapi.Build(api.BuildOptions{\n  Bundle: true,\n  Loader: map[string]api.Loader{\u0026quot;\u0026quot;: api.LoaderCSS},\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn addition, the \u003ccode\u003e\u0026quot;type\u0026quot;\u003c/code\u003e field in \u003ccode\u003epackage.json\u003c/code\u003e files now only applies to files with an explicit \u003ccode\u003e.js\u003c/code\u003e, \u003ccode\u003e.jsx\u003c/code\u003e, \u003ccode\u003e.ts\u003c/code\u003e, or \u003ccode\u003e.tsx\u003c/code\u003e extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than \u003ccode\u003e.mjs\u003c/code\u003e, \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cjs\u003c/code\u003e, or \u003ccode\u003e.cts\u003c/code\u003e including extensionless files. So for example an extensionless file in a \u003ccode\u003e\u0026quot;type\u0026quot;: \u0026quot;module\u0026quot;\u003c/code\u003e package is now treated as CommonJS instead of ESM.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.16.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid a syntax error in the presence of direct \u003ccode\u003eeval\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/2761\"\u003e#2761\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe behavior of nested \u003ccode\u003efunction\u003c/code\u003e declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested \u003ccode\u003efunction\u003c/code\u003e declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested \u003ccode\u003efunction\u003c/code\u003e declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nif (true) {\n  function foo() {}\n  console.log(!!foo)\n  foo = null\n  console.log(!!foo)\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/2b91699b74da07c2cd2361a5e63c1882575e3bf0\"\u003e\u003ccode\u003e2b91699\u003c/code\u003e\u003c/a\u003e publish 0.27.0 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/22b425c12f59964383df27362294b5f8c034bab3\"\u003e\u003ccode\u003e22b425c\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4286\"\u003e#4286\u003c/a\u003e: use \u003ccode\u003eUint8Array.fromBase64\u003c/code\u003e if present (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4295\"\u003e#4295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6d187ef4c9277939c1639ef8c036c07ff62dd33f\"\u003e\u003ccode\u003e6d187ef\u003c/code\u003e\u003c/a\u003e update go 1.25.3 =\u0026gt; 1.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9d0d4e71a23dce02d18cf91552304333c1b44cd9\"\u003e\u003ccode\u003e9d0d4e7\u003c/code\u003e\u003c/a\u003e update go 1.23.12 =\u0026gt; 1.25.3 (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4318\"\u003e#4318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/b6979d89ed4b2aed1ab58d206e65c8bd92ac7c60\"\u003e\u003ccode\u003eb6979d8\u003c/code\u003e\u003c/a\u003e use a patched go compiler for release builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/893d2b9661a62575041fa371351c422f887cc43d\"\u003e\u003ccode\u003e893d2b9\u003c/code\u003e\u003c/a\u003e delete temporary \u003ccode\u003erelease.yml\u003c/code\u003e workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/cee391852c39146334894795e658e7a9c7bc4cd8\"\u003e\u003ccode\u003ecee3918\u003c/code\u003e\u003c/a\u003e add a temporary \u003ccode\u003erelease.yml\u003c/code\u003e workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f5bb1d6ed8c86eea24cda1664ab8812d823daeca\"\u003e\u003ccode\u003ef5bb1d6\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003epublish.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/17ff82bebfaf78e97457cb504525584e603bf9f4\"\u003e\u003ccode\u003e17ff82b\u003c/code\u003e\u003c/a\u003e publish 0.26.0 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f87181fbf3eb78b6b00cf7b3529d0f6f20cd763c\"\u003e\u003ccode\u003ef87181f\u003c/code\u003e\u003c/a\u003e enable trusted publishing (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.14.47...v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 21.1.0 to 21.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser more  aec20a0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.3...v21.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden parser  c48c90b 135f91b\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.2...v21.3.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/fbe8b774485faa0dd7b27c82e61b412f20e6420e\"\u003e\u003ccode\u003efbe8b77\u003c/code\u003e\u003c/a\u003e 21.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/aec20a01d491be9bb2094c6c5204f76e93f3b08e\"\u003e\u003ccode\u003eaec20a0\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3afcca5ff206fd473f32b6667cb7fbe55b63514d\"\u003e\u003ccode\u003e3afcca5\u003c/code\u003e\u003c/a\u003e 21.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c48c90b4583c56a37b0a35207b67e56831b5f035\"\u003e\u003ccode\u003ec48c90b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/135f91b23ccc9ce5ce4679d66eb8152794089224\"\u003e\u003ccode\u003e135f91b\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://gith...\n\n_Description has been truncated_","html_url":"https://github.com/jianminy931020-coder/my-official-site/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jianminy931020-coder%2Fmy-official-site/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"16.5.4","new_version":"22.0.1","update_type":"major","path":"/server","pr_created_at":"2026-05-23T09:22:46.000Z","version_change":"16.5.4 → 22.0.1","issue":{"uuid":"4507631910","node_id":"PR_kwDOQPm3Is7el_ZD","number":426,"state":"open","title":"chore(deps): bump file-type from 16.5.4 to 22.0.1 in /server","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T09:22:46.000Z","updated_at":"2026-05-23T09:22:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"file-type","old_version":"16.5.4","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"}],"path":"/server","ecosystem":"npm"},"body":"Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.4 to 22.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev22.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequires Node.js 22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDropped Node.js \u003ccode\u003estream.Readable\u003c/code\u003e support from \u003ccode\u003efileTypeFromStream()\u003c/code\u003e and \u003ccode\u003efileTypeStream()\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThese now only accept a web \u003ccode\u003eReadableStream\u003c/code\u003e. Migrate with \u003ca href=\"https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options\"\u003e\u003ccode\u003eReadable.toWeb()\u003c/code\u003e\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Before\r\nimport fs from 'node:fs';\r\nfileTypeFromStream(fs.createReadStream('file.mp4'));\r\n\u003cp\u003e// After\u003cbr /\u003e\nimport fs from 'node:fs';\u003cbr /\u003e\nimport {Readable} from 'node:stream';\u003cbr /\u003e\nfileTypeFromStream(Readable.toWeb(fs.createReadStream('file.mp4')));\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSub-exports (e.g. \u003ccode\u003efile-type/core\u003c/code\u003e) have been removed. Import everything from \u003ccode\u003efile-type\u003c/code\u003e directly.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003eReadableStreamWithFileType\u003c/code\u003e type has been removed. Use \u003ccode\u003eAnyWebReadableByteStreamWithFileType\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral MIME types have been corrected or normalized:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eType\u003c/th\u003e\n\u003cth\u003eOld MIME\u003c/th\u003e\n\u003cth\u003eNew MIME\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elz\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-lzip\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/lzip\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003elnk\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.ms.shortcut\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ms-shortcut\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eApple Alias\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-apple.alias\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003efbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x.autodesk.fbx\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-fbx\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDraco\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/vnd.google.draco\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eapplication/x-ft-draco\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eMIME subtypes prefixed with \u003ccode\u003ex-ft-\u003c/code\u003e are custom types defined by this package (not IANA-registered).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded detection for Apple iWork files: \u003ccode\u003e.key\u003c/code\u003e (Keynote), \u003ccode\u003e.pages\u003c/code\u003e (Pages), \u003ccode\u003e.numbers\u003c/code\u003e (Numbers)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed LibreOffice OOXML files being incorrectly detected as ZIP when reading from streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.4...v22.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/2c54d066efdf7511e42fa9f5e4cd160b67fb51e9\"\u003e\u003ccode\u003e2c54d06\u003c/code\u003e\u003c/a\u003e 22.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0ba6e0b2b76382f9b61e7b9e8610bbf7ca0e5273\"\u003e\u003ccode\u003e0ba6e0b\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0e679c74a9cab31c7b2aa65f9ba8e241fbc205f1\"\u003e\u003ccode\u003e0e679c7\u003c/code\u003e\u003c/a\u003e Remove sub-exports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7079af7357c8d0a3651d6aa2015ba3cbe0121b48\"\u003e\u003ccode\u003e7079af7\u003c/code\u003e\u003c/a\u003e Tweaks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ec77458ce49d89bdf8de808569c2c87b43e8ca73\"\u003e\u003ccode\u003eec77458\u003c/code\u003e\u003c/a\u003e Add support for iWork files (.key, .pages, .numbers)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d4a975c316429d8ec0bccc6e92483e625be0f6b1\"\u003e\u003ccode\u003ed4a975c\u003c/code\u003e\u003c/a\u003e Fix LibreOffice OOXML files detected as ZIP in streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5de64e26f81ad14b1f07cb5c5108de6e303f3b60\"\u003e\u003ccode\u003e5de64e2\u003c/code\u003e\u003c/a\u003e Normalize MIME types we invented with \u003ccode\u003ex-ft-\u003c/code\u003e prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7a60fa9dc0b7dad71ad6d3146a28ab92eb079983\"\u003e\u003ccode\u003e7a60fa9\u003c/code\u003e\u003c/a\u003e Require Node.js 22\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=file-type\u0026package-manager=npm_and_yarn\u0026previous-version=16.5.4\u0026new-version=22.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Sachinchaurasiya360/InternHack/pull/426","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sachinchaurasiya360%2FInternHack/issues/426","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/426/packages"}},{"old_version":"21.0.0","new_version":"21.3.2","update_type":"minor","path":null,"pr_created_at":"2026-05-23T07:20:01.000Z","version_change":"21.0.0 → 21.3.2","issue":{"uuid":"4507295577","node_id":"PR_kwDOSTefEM7ek8Uz","number":4,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 5 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T10:49:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T07:20:01.000Z","updated_at":"2026-05-23T10:49:44.000Z","time_to_close":12581,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"file-type","old_version":"21.0.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"hono","old_version":"4.12.0","new_version":"4.12.22","repository_url":"https://github.com/honojs/hono"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"postcss","old_version":"8.5.4","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"undici","old_version":"7.18.2","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"uuid","old_version":"10.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@sveltejs/kit","old_version":"2.52.2","new_version":"2.61.0","repository_url":"https://github.com/sveltejs/kit"},{"name":"vite","old_version":"6.3.5","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"ws","old_version":"8.18.2","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 20 updates in the /ruflo/src/ruvocal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.0.0` | `21.3.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.22` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.4` | `8.5.15` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.24.0` |\n| [uuid](https://github.com/uuidjs/uuid) | `10.0.0` | `14.0.0` |\n| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.52.2` | `2.61.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [ws](https://github.com/websockets/ws) | `8.18.2` | `8.21.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /v2 directory: [undici](https://github.com/nodejs/undici), [fast-uri](https://github.com/fastify/fast-uri), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 1 update in the /v2/examples/05-swarm-apps/rest-api-advanced directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 5 updates in the /v2/examples/rest-api-simple directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n\nBumps the npm_and_yarn group with 2 updates in the /v3 directory: [yaml](https://github.com/eemeli/yaml) and [ws](https://github.com/websockets/ws).\n\nUpdates `file-type` from 21.0.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.0 to 4.12.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(route): preserve the base path of the mounted route() app by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4942\"\u003ehonojs/hono#4942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jsx): widen jsx and jsxFn children to Child[] by \u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.19...v4.12.20\"\u003ehttps://github.com/honojs/hono/compare/v4.12.19...v4.12.20\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a192df0844724aeaf5cbc6f1ea2f8425d3f8a86a\"\u003e\u003ccode\u003ea192df0\u003c/code\u003e\u003c/a\u003e fix(mime): specify charset parameter per MIME type instead of mechanical dete...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf6ef7056a59acdc5cd2eacdca201147885d3e54\"\u003e\u003ccode\u003ecf6ef70\u003c/code\u003e\u003c/a\u003e chore: update vitest to v4 and cleanups (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4952\"\u003e#4952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a83ddb882e0c0b8c336050dba087bb2e1b12488e\"\u003e\u003ccode\u003ea83ddb8\u003c/code\u003e\u003c/a\u003e 4.12.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1\"\u003e\u003ccode\u003e6cbb025\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c831020fb1fa2e929d222f6c84e1abfe013e512b\"\u003e\u003ccode\u003ec831020\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d\"\u003e\u003ccode\u003e905aedb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.0...v4.12.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 9.0.5 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v9.0.5...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.4 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.4...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.18.2 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.18.2...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 10.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v10.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sveltejs/kit` from 2.52.2 to 2.61.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/kit/releases\"\u003e@​sveltejs/kit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​sveltejs/kit\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.61.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking: the \u003ccode\u003e.run()\u003c/code\u003e method has been removed from remote queries on both the client and the server. Use \u003ccode\u003eawait query()\u003c/code\u003e directly instead — it now works everywhere (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: live query instances are now themselves async-iterable (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15878\"\u003e#15878\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: add programmatic \u003ccode\u003esubmit\u003c/code\u003e method to \u003ccode\u003eform\u003c/code\u003e remote function instances (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: pass \u003ccode\u003eform\u003c/code\u003e remote function instance into \u003ccode\u003eenhance\u003c/code\u003e callback (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve the app payload without using \u003ccode\u003eprocess.env.NODE_ENV\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15852\"\u003e#15852\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: support \u003ccode\u003eexactOptionalPropertyTypes\u003c/code\u003e for optional route params (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15825\"\u003e#15825\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly send \u003ccode\u003etrue\u003c/code\u003e value to the server for 'submit' and 'hidden' form fields (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15858\"\u003e#15858\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid build warnings about undefined universal hooks (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15895\"\u003e#15895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: prefer default error page when failing to decode the URL pathname (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15744\"\u003e#15744\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disable link prefetching on slow internet connections (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15885\"\u003e#15885\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow routes ending with optional parameters next to more specific routes (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15861\"\u003e#15861\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15796\"\u003e#15796\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​sveltejs/kit\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.60.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump \u003ccode\u003esvelte\u003c/code\u003e and \u003ccode\u003edevalue\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15836\"\u003e#15836\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent \u003ccode\u003equery.batch\u003c/code\u003e cross-talk (\u003ca href=\"https://github.com/sveltejs/kit/commit/dadaefc2e647a0a62f49f3ee8bc7aa46f5e27056\"\u003e\u003ccode\u003edadaefc\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md\"\u003e@​sveltejs/kit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.61.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking: the \u003ccode\u003e.run()\u003c/code\u003e method has been removed from remote queries on both the client and the server. Use \u003ccode\u003eawait query()\u003c/code\u003e directly instead — it now works everywhere (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15779\"\u003e#15779\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: live query instances are now themselves async-iterable (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15878\"\u003e#15878\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: add programmatic \u003ccode\u003esubmit\u003c/code\u003e method to \u003ccode\u003eform\u003c/code\u003e remote function instances (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efeat: pass \u003ccode\u003eform\u003c/code\u003e remote function instance into \u003ccode\u003eenhance\u003c/code\u003e callback (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15657\"\u003e#15657\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve the app payload without using \u003ccode\u003eprocess.env.NODE_ENV\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15852\"\u003e#15852\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: support \u003ccode\u003eexactOptionalPropertyTypes\u003c/code\u003e for optional route params (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15825\"\u003e#15825\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly send \u003ccode\u003etrue\u003c/code\u003e value to the server for 'submit' and 'hidden' form fields (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15858\"\u003e#15858\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid build warnings about undefined universal hooks (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15895\"\u003e#15895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: prefer default error page when failing to decode the URL pathname (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15744\"\u003e#15744\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disable link prefetching on slow internet connections (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15885\"\u003e#15885\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow routes ending with optional parameters next to more specific routes (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15861\"\u003e#15861\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15796\"\u003e#15796\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.60.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump \u003ccode\u003esvelte\u003c/code\u003e and \u003ccode\u003edevalue\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/kit/pull/15836\"\u003e#15836\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/4f961ab2d89249a7be62c29116c55cda7f551e16\"\u003e\u003ccode\u003e4f961ab\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15853\"\u003e#15853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/1817da0a8028e0c0980b9e47afb5dab464b26132\"\u003e\u003ccode\u003e1817da0\u003c/code\u003e\u003c/a\u003e fix: support \u003ccode\u003eexactOptionalPropertyTypes\u003c/code\u003e for optional route params (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15825\"\u003e#15825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/8feb2af890fc0ee7db34d6d23c74b6a2d0b72567\"\u003e\u003ccode\u003e8feb2af\u003c/code\u003e\u003c/a\u003e chore: dedupe replacer code (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15877\"\u003e#15877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/95ca921c82837bb55373f91b9a90d76854c90e89\"\u003e\u003ccode\u003e95ca921\u003c/code\u003e\u003c/a\u003e fix: remove Content-Length dependency in binary form deserialization (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15796\"\u003e#15796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/e75024c9fbc240e83b10c0cdabc2f542c71ab846\"\u003e\u003ccode\u003ee75024c\u003c/code\u003e\u003c/a\u003e feat: LiveQuery self-iterability (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15878\"\u003e#15878\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/0cc67d9201a36ba3786a234f322f6fdd341619ea\"\u003e\u003ccode\u003e0cc67d9\u003c/code\u003e\u003c/a\u003e fix: avoid build warnings about undefined hooks on Windows (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15895\"\u003e#15895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/1949057b0d658b458ad519713818d450d123c3ae\"\u003e\u003ccode\u003e1949057\u003c/code\u003e\u003c/a\u003e chore(prefetch): disable link prefetching on slow internet connections (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15885\"\u003e#15885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/69b5787a41b2c60bab944430c43484cf3375459e\"\u003e\u003ccode\u003e69b5787\u003c/code\u003e\u003c/a\u003e fix: prefer the default error page when failing to decode the URL pathname (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/e4c844830a8acd237f9c78e6c8a55badac555fb7\"\u003e\u003ccode\u003ee4c8448\u003c/code\u003e\u003c/a\u003e feat: Isomorphic caching for queries (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15779\"\u003e#15779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/kit/commit/81de68d02e56ed6d64d82aa055569090a8fd2cc8\"\u003e\u003ccode\u003e81de68d\u003c/code\u003e\u003c/a\u003e chore: remove unnecessary arg in \u003ccode\u003ebuild_server.js\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15850\"\u003e#15850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.61.0/packages/kit\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.5 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=...\n\n_Description has been truncated_","html_url":"https://github.com/michaelhughes2501/ruflo/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelhughes2501%2Fruflo/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"21.1.1","new_version":"21.3.2","update_type":"minor","path":null,"pr_created_at":"2026-05-22T01:05:34.000Z","version_change":"21.1.1 → 21.3.2","issue":{"uuid":"4498947752","node_id":"PR_kwDONiT-TM7eKI6p","number":1,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript","packages/backend","packages/frontend"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T01:05:34.000Z","updated_at":"2026-05-22T01:07:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"vite","old_version":"7.2.2","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@fastify/express","old_version":"4.0.2","new_version":"4.0.5","repository_url":"https://github.com/fastify/fastify-express"},{"name":"@fastify/static","old_version":"8.3.0","new_version":"9.1.1","repository_url":"https://github.com/fastify/fastify-static"},{"name":"@nestjs/core","old_version":"11.1.9","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"fastify","old_version":"5.6.2","new_version":"5.8.5","repository_url":"https://github.com/fastify/fastify"},{"name":"file-type","old_version":"21.1.1","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"happy-dom","old_version":"20.0.10","new_version":"20.8.9","repository_url":"https://github.com/capricorn86/happy-dom"},{"name":"jsrsasign","old_version":"11.1.0","new_version":"11.1.1","repository_url":"https://github.com/kjur/jsrsasign"},{"name":"nodemailer","old_version":"7.0.10","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"rollup","old_version":"4.53.3","new_version":"4.59.0","repository_url":"https://github.com/rollup/rollup"},{"name":"systeminformation","old_version":"5.27.11","new_version":"5.31.6","repository_url":"https://github.com/sebhildebrandt/systeminformation"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"ws","old_version":"8.18.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@xmldom/xmldom","old_version":"0.9.8","new_version":"0.9.10","repository_url":"https://github.com/xmldom/xmldom"},{"name":"axios","old_version":"0.24.0","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.2.5","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"immutable","old_version":"5.1.4","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"picomatch","old_version":"2.3.1","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"svgo","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/svg/svgo"},{"name":"undici","old_version":"5.29.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /scripts/changelog-checker directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [rollup](https://github.com/rollup/rollup) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 26 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.2` |\n| [@fastify/express](https://github.com/fastify/fastify-express) | `4.0.2` | `4.0.5` |\n| [@fastify/static](https://github.com/fastify/fastify-static) | `8.3.0` | `9.1.1` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.9` | `11.1.18` |\n| [fastify](https://github.com/fastify/fastify) | `5.6.2` | `5.8.5` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.1.1` | `21.3.2` |\n| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.10` | `20.8.9` |\n| [jsrsasign](https://github.com/kjur/jsrsasign) | `11.1.0` | `11.1.1` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.10` | `8.0.5` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.3` | `4.59.0` |\n| [systeminformation](https://github.com/sebhildebrandt/systeminformation) | `5.27.11` | `5.31.6` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.11` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.20.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.9.8` | `0.9.10` |\n| [axios](https://github.com/axios/axios) | `0.24.0` | `1.16.1` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.2.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.4` | `5.1.5` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |\n| [svgo](https://github.com/svg/svgo) | `4.0.0` | `4.0.1` |\n| [undici](https://github.com/nodejs/undici) | `5.29.0` | `7.25.0` |\n\n\nUpdates `vite` from 7.2.2 to 7.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.53.3 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6360\"\u003e#6360\u003c/a\u003e: fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://github.com/tariqrafique\"\u003e\u003ccode\u003e@​tariqrafique\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6364\"\u003e#6364\u003c/a\u003e: chore(deps): update msys2/setup-msys2 digest to e989830 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6365\"\u003e#6365\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6366\"\u003e#6366\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6367\"\u003e#6367\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6368\"\u003e#6368\u003c/a\u003e: docs: add missing backticks in \u003ccode\u003eplugin-development\u003c/code\u003e (\u003ca href=\"https://github.com/lumirlumir\"\u003e\u003ccode\u003e@​lumirlumir\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d311a84b0bb4d4a6f50d19ffd2c29cca28660c88\"\u003e\u003ccode\u003ed311a84\u003c/code\u003e\u003c/a\u003e 4.60.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/6aa324854482e273b711972955d2d1b3bb445bcc\"\u003e\u003ccode\u003e6aa3248\u003c/code\u003e\u003c/a\u003e fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/82a0fe76b1372a2cf509fc4067d69f25569b83f5\"\u003e\u003ccode\u003e82a0fe7\u003c/code\u003e\u003c/a\u003e Resolve vulnerabilities (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6375\"\u003e#6375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71f5ebc893d7ff76b5571d63b04ea2ed4a4ddd9d\"\u003e\u003ccode\u003e71f5ebc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6371\"\u003e#6371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/af91d778cdf564dd1ae1bfd6e92604ec031824a7\"\u003e\u003ccode\u003eaf91d77\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6373\"\u003e#6373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/65e7b94ddda9f02334fa8f12ff6bf699c1f07833\"\u003e\u003ccode\u003e65e7b94\u003c/code\u003e\u003c/a\u003e chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6372\"\u003e#6372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/642587f3d9c5b4aa482a5027672f0fa8ea76da12\"\u003e\u003ccode\u003e642587f\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6370\"\u003e#6370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b47bdabeccbb7aa1b1d4117f2f4a781a9f6de297\"\u003e\u003ccode\u003eb47bdab\u003c/code\u003e\u003c/a\u003e 4.60.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/15c5f33083c8c6b1b2cbae548124fffbba2553bb\"\u003e\u003ccode\u003e15c5f33\u003c/code\u003e\u003c/a\u003e Add again some unneeded dev dependencies, to make some builds succeed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/12195dcebbd21f0f2d91e26720cd053526edbfe3\"\u003e\u003ccode\u003e12195dc\u003c/code\u003e\u003c/a\u003e fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.53.3...v4.60.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.2 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@fastify/express` from 4.0.2 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify-express/releases\"\u003e@​fastify/express's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33807 \u003ca href=\"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c\"\u003ehttps://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c\u003c/a\u003e.\nThis fixes CVE CVE-2026-33808 \u003ca href=\"https://github.com/fastify/fastify-express/security/advisories/GHSA-6hw5-45gm-fj88\"\u003ehttps://github.com/fastify/fastify-express/security/advisories/GHSA-6hw5-45gm-fj88\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump express from 4.22.1 to 5.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/179\"\u003efastify/fastify-express#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove stale.yml by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/181\"\u003efastify/fastify-express#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump c8 from 10.1.3 to 11.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/183\"\u003efastify/fastify-express#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/182\"\u003efastify/fastify-express#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/185\"\u003efastify/fastify-express#185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/187\"\u003efastify/fastify-express#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/188\"\u003efastify/fastify-express#188\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/181\"\u003efastify/fastify-express#181\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-express/compare/v4.0.4...v4.0.5\"\u003ehttps://github.com/fastify/fastify-express/compare/v4.0.4...v4.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: decode url with query params by \u003ca href=\"https://github.com/nolway\"\u003e\u003ccode\u003e@​nolway\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/178\"\u003efastify/fastify-express#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nolway\"\u003e\u003ccode\u003e@​nolway\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/178\"\u003efastify/fastify-express#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-express/compare/v4.0.3...v4.0.4\"\u003ehttps://github.com/fastify/fastify-express/compare/v4.0.3...v4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(dependabot): reduce npm updates to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/157\"\u003efastify/fastify-express#157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: rename master to main by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/158\"\u003efastify/fastify-express#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: migrate to node test runner by \u003ca href=\"https://github.com/ilteoood\"\u003e\u003ccode\u003e@​ilteoood\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/159\"\u003efastify/fastify-express#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/161\"\u003efastify/fastify-express#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(readme): update plugin version syntax by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/162\"\u003efastify/fastify-express#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/163\"\u003efastify/fastify-express#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/164\"\u003efastify/fastify-express#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump express from 4.21.2 to 5.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/166\"\u003efastify/fastify-express#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump serve-static from 1.16.2 to 2.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/165\"\u003efastify/fastify-express#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/168\"\u003efastify/fastify-express#168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): update date ranges; standardise style by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/169\"\u003efastify/fastify-express#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/171\"\u003efastify/fastify-express#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/172\"\u003efastify/fastify-express#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/170\"\u003efastify/fastify-express#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: decode paths before matching by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/174\"\u003efastify/fastify-express#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore express4 by \u003ca href=\"https://github.com/Eomm\"\u003e\u003ccode\u003e@​Eomm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/176\"\u003efastify/fastify-express#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ilteoood\"\u003e\u003ccode\u003e@​ilteoood\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-express/pull/159\"\u003efastify/fastify-express#159\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/f52f4476cbd874a9526027082b9e075d3bff63ac\"\u003e\u003ccode\u003ef52f447\u003c/code\u003e\u003c/a\u003e Bumped v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/c4e49b5244fcfadb38dc08e9b1808c5d759021a2\"\u003e\u003ccode\u003ec4e49b5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/674020f27ddc1d1709e4369cb40158d4c958d42b\"\u003e\u003ccode\u003e674020f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/96eb39be998436e639401ce763941a919145b8ad\"\u003e\u003ccode\u003e96eb39b\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/188\"\u003e#188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/65ddc99fba34f9f1561435daa08dd654f126bd46\"\u003e\u003ccode\u003e65ddc99\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/187\"\u003e#187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/2746f1f040a9b57b24481d4e0dbbedbf05ca234e\"\u003e\u003ccode\u003e2746f1f\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/cce14b12102da13f84cedf21cdf18b2ac75676e7\"\u003e\u003ccode\u003ecce14b1\u003c/code\u003e\u003c/a\u003e chore(license): standardise license notice (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/182\"\u003e#182\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/70a809411d0f4d4b4a0993c45bd9881e0b427847\"\u003e\u003ccode\u003e70a8094\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump c8 from 10.1.3 to 11.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/183\"\u003e#183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/6f627c610007c0985d9af80f8dff072b9d21ee37\"\u003e\u003ccode\u003e6f627c6\u003c/code\u003e\u003c/a\u003e ci: remove stale.yml (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/181\"\u003e#181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-express/commit/fa4a726d0be418a1ce2ee7abe88250cce8213ea4\"\u003e\u003ccode\u003efa4a726\u003c/code\u003e\u003c/a\u003e build(deps): bump express from 4.22.1 to 5.2.1 (\u003ca href=\"https://redirect.github.com/fastify/fastify-express/issues/179\"\u003e#179\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify-express/compare/v4.0.2...v4.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~climba03003\"\u003eclimba03003\u003c/a\u003e, a new releaser for \u003ccode\u003e@​fastify/express\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@fastify/static` from 8.3.0 to 9.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify-static/releases\"\u003e@​fastify/static's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-6410 \u003ca href=\"https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h\"\u003ehttps://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h\u003c/a\u003e.\nThis fixes CVE CVE-2026-6414 \u003ca href=\"https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92\"\u003ehttps://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/570\"\u003efastify/fastify-static#570\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1\"\u003ehttps://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev9.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.4 to 25.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/552\"\u003efastify/fastify-static#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: move ignoreTrailingSlash under routerOptions by \u003ca href=\"https://github.com/lraveri\"\u003e\u003ccode\u003e@​lraveri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/553\"\u003efastify/fastify-static#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump borp from 0.20.2 to 0.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/543\"\u003efastify/fastify-static#543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump pino and borp dependencies, delete stale.yml by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/557\"\u003efastify/fastify-static#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update syntax typescript by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/558\"\u003efastify/fastify-static#558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/560\"\u003efastify/fastify-static#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: sendFile ignoring option overrides in some cases by \u003ca href=\"https://github.com/bakugo\"\u003e\u003ccode\u003e@​bakugo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/559\"\u003efastify/fastify-static#559\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade c8 to v11.0.0 and improvements test by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/564\"\u003efastify/fastify-static#564\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/566\"\u003efastify/fastify-static#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lraveri\"\u003e\u003ccode\u003e@​lraveri\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/553\"\u003efastify/fastify-static#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/557\"\u003efastify/fastify-static#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bakugo\"\u003e\u003ccode\u003e@​bakugo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/559\"\u003efastify/fastify-static#559\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0\"\u003ehttps://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump content-disposition from 0.5.4 to 1.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/547\"\u003efastify/fastify-static#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate glob@13 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify-static/pull/550\"\u003efastify/fastify-static#550\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify-static/compare/v8.3.0...v9.0.0\"\u003ehttps://github.com/fastify/fastify-static/compare/v8.3.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/48b136f5d8da0efea328f49f6202ab3edabf608b\"\u003e\u003ccode\u003e48b136f\u003c/code\u003e\u003c/a\u003e Bumped v9.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/cc7b7f7e00a5f028599ba17392b831afd0c651aa\"\u003e\u003ccode\u003ecc7b7f7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/9921faa7ffe4931f4bbd2d1a8b6d90e720081856\"\u003e\u003ccode\u003e9921faa\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/4183d2d8dd52b11c27f7adc22abb8d2531ad4a02\"\u003e\u003ccode\u003e4183d2d\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/570\"\u003e#570\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/a3a8cd6c7a5b0937d7ad939564991c284f09754a\"\u003e\u003ccode\u003ea3a8cd6\u003c/code\u003e\u003c/a\u003e Bumped v9.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/8423c80016917b40a3e42c38fd55070a89d1b9b8\"\u003e\u003ccode\u003e8423c80\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/566\"\u003e#566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/475dce148995ac754a8cb344bad63c8cbd6517d2\"\u003e\u003ccode\u003e475dce1\u003c/code\u003e\u003c/a\u003e chore: upgrade c8 to v11.0.0 and improvements test (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/3ff0f39b94da96f42a88ed57c554abc8381806c3\"\u003e\u003ccode\u003e3ff0f39\u003c/code\u003e\u003c/a\u003e fix: sendFile ignoring option overrides in some cases (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/663baa7da61ff69115995baf59efba6396d814a8\"\u003e\u003ccode\u003e663baa7\u003c/code\u003e\u003c/a\u003e chore(license): standardise license notice (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/560\"\u003e#560\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify-static/commit/51bb66e88667850ff5e8f4e9a27ebbf8c5b7bbad\"\u003e\u003ccode\u003e51bb66e\u003c/code\u003e\u003c/a\u003e chore: update syntax typescript (\u003ca href=\"https://redirect.github.com/fastify/fastify-static/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify-static/compare/v8.3.0...v9.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.9 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastify` from 5.6.2 to 5.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify/releases\"\u003efastify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33806 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Fix port parsing by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6603\"\u003efastify/fastify#6603\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade to typescript v6.0.2 by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6605\"\u003efastify/fastify#6605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore trustProxy function for number and string types, add null check for socketAddr by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6613\"\u003efastify/fastify#6613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reduce cron scheduled workflows from daily/weekly to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6623\"\u003efastify/fastify#6623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6629\"\u003efastify/fastify#6629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6632\"\u003efastify/fastify#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump borp from 0.21.0 to 1.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6633\"\u003efastify/fastify#6633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6630\"\u003efastify/fastify#6630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e by \u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/towan912/misskey/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/towan912%2Fmisskey/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"16.5.4","new_version":"21.3.2","update_type":"major","path":null,"pr_created_at":"2026-05-22T00:23:54.000Z","version_change":"16.5.4 → 21.3.2","issue":{"uuid":"4498791047","node_id":"PR_kwDOSkcNvs7eJp52","number":4,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T00:24:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T00:23:54.000Z","updated_at":"2026-05-22T00:24:28.000Z","time_to_close":32,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"dottie","old_version":"2.0.6","new_version":"2.0.7","repository_url":"https://github.com/mickhansen/dottie.js"},{"name":"file-type","old_version":"16.5.4","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"multer","old_version":"1.4.5-lts.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"sanitize-html","old_version":"1.4.2","new_version":"2.12.1","repository_url":"https://github.com/apostrophecms/apostrophe"},{"name":"sequelize","old_version":"6.37.7","new_version":"6.37.8","repository_url":"https://github.com/sequelize/sequelize"},{"name":"socket.io","old_version":"3.1.2","new_version":"4.6.2","repository_url":"https://github.com/socketio/socket.io"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"braces","old_version":"2.3.2","new_version":"removed","repository_url":"https://github.com/micromatch/braces"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"cookie","old_version":"0.4.2","new_version":"0.7.2","repository_url":"https://github.com/jshttp/cookie"},{"name":"crypto-js","old_version":"3.3.0","new_version":"removed","repository_url":"https://github.com/brix/crypto-js"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"diff","old_version":"5.0.0","new_version":"5.2.2","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dottie](https://github.com/mickhansen/dottie.js) | `2.0.6` | `2.0.7` |\n| [file-type](https://github.com/sindresorhus/file-type) | `16.5.4` | `21.3.2` |\n| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.2` | `2.1.1` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `1.4.2` | `2.12.1` |\n| [sequelize](https://github.com/sequelize/sequelize) | `6.37.7` | `6.37.8` |\n| [socket.io](https://github.com/socketio/socket.io) | `3.1.2` | `4.6.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `2.1.0` |\n| [braces](https://github.com/micromatch/braces) | `2.3.2` | `removed` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` |\n| [crypto-js](https://github.com/brix/crypto-js) | `3.3.0` | `removed` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [diff](https://github.com/kpdecker/jsdiff) | `5.0.0` | `5.2.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n\n\nUpdates `dottie` from 2.0.6 to 2.0.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickhansen/dottie.js/commit/334c32b80ed536522b567ee6a844caf8e5fef9c3\"\u003e\u003ccode\u003e334c32b\u003c/code\u003e\u003c/a\u003e 2.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickhansen/dottie.js/commit/7e8fa1345a4b46325f0eab8d7aeb1c4deaefdb14\"\u003e\u003ccode\u003e7e8fa13\u003c/code\u003e\u003c/a\u003e fix: check all path segments for dangerous keys (bypass of CVE-2023-2… (\u003ca href=\"https://redirect.github.com/mickhansen/dottie.js/issues/43\"\u003e#43\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickhansen/dottie.js/commit/a72eb993212939d60a2801843ce3e968dfc5c6a6\"\u003e\u003ccode\u003ea72eb99\u003c/code\u003e\u003c/a\u003e Update test GitHub Action (\u003ca href=\"https://redirect.github.com/mickhansen/dottie.js/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mickhansen/dottie.js/compare/v2.0.6...v2.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 16.5.4 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Mach-O Universal (aka \u0026quot;Fat\u0026quot;) binaries and additional architectures (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/779\"\u003e#779\u003c/a\u003e)  d223491\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.2.0...v21.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SPSS data files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/787\"\u003e#787\u003c/a\u003e)  889f638\u003c/li\u003e\n\u003cli\u003eAdd support for JMP (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/784\"\u003e#784\u003c/a\u003e)  093dba0\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.1...v21.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of partial Gunzip file (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/783\"\u003e#783\u003c/a\u003e)  710e053\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.1.0...v21.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v16.5.4...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 1.4.5-lts.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-7338\"\u003eCVE-2025-7338\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p\"\u003eGHSA-fjgf-rc76-4x9p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-48997\"\u003eCVE-2025-48997\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg\"\u003eGHSA-g5hg-p3ph-g8qg\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change: The minimum supported Node version is now 10.16.0\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-47935\"\u003eCVE-2025-47935\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5\"\u003eGHSA-44fp-w29j-9vj5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-47944\"\u003eCVE-2025-47944\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h\"\u003eGHSA-4pg4-qvpc-4q3h\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/c496e931263a901ccfc0821ac21768ac23786f77\"\u003e\u003ccode\u003ec496e93\u003c/code\u003e\u003c/a\u003e chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1377\"\u003e#1377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/fa173d30d01f4e18a8be74570b2770c7230b8b05\"\u003e\u003ccode\u003efa173d3\u003c/code\u003e\u003c/a\u003e chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/17d7f5193a237ebfd4c19274c7a6729538b4a9a0\"\u003e\u003ccode\u003e17d7f51\u003c/code\u003e\u003c/a\u003e chore: add node version to 25.x in CI\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/multer/compare/v1.4.5-lts.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for multer since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sanitize-html` from 1.4.2 to 2.12.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md\"\u003esanitize-html's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.12.1 (2024-02-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not parse sourcemaps in \u003ccode\u003epost-css\u003c/code\u003e. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the \u003ccode\u003estyle\u003c/code\u003e attribute is allowed by the configuration. Thanks to the \u003ca href=\"https://snyk.io/\"\u003eSnyk Security team\u003c/a\u003e for the disclosure and to \u003ca href=\"https://dylan.is/\"\u003eDylan Armstrong\u003c/a\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.12.0 (2024-02-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eIntroduced the \u003ccode\u003eallowedEmptyAttributes\u003c/code\u003e option, enabling explicit specification of empty string values for select attributes, with the default attribute set to \u003ccode\u003ealt\u003c/code\u003e. Thanks to \u003ca href=\"https://github.com/zhna123\"\u003eNa\u003c/a\u003e for the contribution.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClarified the use of SVGs with a new test and changes to documentation. Thanks to \u003ca href=\"https://github.com/gkumar9891\"\u003eGauav Kumar\u003c/a\u003e for the contribution.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not process source maps when processing style tags with PostCSS.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.11.0 (2023-06-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix to allow \u003ccode\u003efalse\u003c/code\u003e in \u003ccode\u003eallowedClasses\u003c/code\u003e attributes. Thanks to \u003ca href=\"https://github.com/KevinSJ\"\u003eKevin Jiang\u003c/a\u003e for this fix!\u003c/li\u003e\n\u003cli\u003eUpgrade mocha version\u003c/li\u003e\n\u003cli\u003eApply small linter fixes in tests\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e.idea\u003c/code\u003e temp files to \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThanks to \u003ca href=\"https://github.com/VitaliiShpital\"\u003eVitalii Shpital\u003c/a\u003e for the updates!\u003c/li\u003e\n\u003cli\u003eShow parseStyleAttributes warning in browser only. Thanks to \u003ca href=\"https://github.com/mog422\"\u003emog422\u003c/a\u003e for this update!\u003c/li\u003e\n\u003cli\u003eRemove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. \u003ca href=\"https://github.com/dylanarmstrong\"\u003eThanks to Dylan Armstrong\u003c/a\u003e for this update!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.10.0 (2023-02-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when \u003ccode\u003edisallowedTagMode\u003c/code\u003e is set to any variant of \u003ccode\u003eescape\u003c/code\u003e -- just escape the disallowed tags that are present. This fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/464\"\u003e#464\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/464\"\u003eapostrophecms/sanitize-html#464\u003c/a\u003e). Thanks to \u003ca href=\"https://github.com/dliebner\"\u003eDaniel Liebner\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etagAllowed()\u003c/code\u003e helper function which takes a tag name and checks it against \u003ccode\u003eoptions.allowedTags\u003c/code\u003e and returns \u003ccode\u003etrue\u003c/code\u003e if the tag is allowed and \u003ccode\u003efalse\u003c/code\u003e if it is not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.0 (2023-01-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option parseStyleAttributes to skip style parsing. This fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/547\"\u003e#547\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/547\"\u003eapostrophecms/sanitize-html#547\u003c/a\u003e). Thanks to \u003ca href=\"https://github.com/bertyhell\"\u003eBert Verhelst\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.1 (2022-12-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIf the argument is a number, convert it to a string, for backwards compatibility. Thanks to \u003ca href=\"https://github.com/alexander-schranz\"\u003eAlexander Schranz\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.0 (2022-12-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrades \u003ccode\u003ehtmlparser2\u003c/code\u003e to new major version \u003ccode\u003e^8.0.0\u003c/code\u003e. Thanks to \u003ca href=\"https://github.com/kedarchandrayan\"\u003eKedar Chandrayan\u003c/a\u003e for this contribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.3 (2022-10-24)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIf allowedTags is falsy but not exactly \u003ccode\u003efalse\u003c/code\u003e, then do not assume that all tags are allowed. Rather, allow no tags in this case, to be on the safe side. This matches the existing documentation and fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/176\"\u003e#176\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/176\"\u003eapostrophecms/sanitize-html#176\u003c/a\u003e). Thanks to \u003ca href=\"https://github.com/kedarchandrayan\"\u003eKedar Chandrayan\u003c/a\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.2 (2022-09-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClosing tags must agree with opening tags. This fixes [issue \u003ca href=\"https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/549\"\u003e#549\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/apostrophecms/sanitize-html/issues/549\"\u003eapostrophecms/sanitize-html#549\u003c/a\u003e), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to\n\u003ca href=\"https://github.com/kedarchandrayan\"\u003eKedar Chandrayan\u003c/a\u003e for the report and the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.1 (2022-07-20)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/apostrophecms/apostrophe/commits/2.12.1/packages/sanitize-html\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sequelize` from 6.37.7 to 6.37.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sequelize/sequelize/releases\"\u003esequelize's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.37.8\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/sequelize/sequelize/compare/v6.37.7...v6.37.8\"\u003e6.37.8\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eSecurity improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003evalidate cast types in JSON where clauses (\u003ca href=\"https://github.com/sequelize/sequelize/commit/b1475280b82159c11b829b43568da370f598a9e4\"\u003eb147528\u003c/a\u003e) (\u003ca href=\"https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr\"\u003eCVE-2026-30951\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sequelize/sequelize/commit/cb7f99ad05de56137672ab95586359ff6ceba004\"\u003e\u003ccode\u003ecb7f99a\u003c/code\u003e\u003c/a\u003e fix: validate cast types in JSON where clauses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sequelize/sequelize/commit/b1475280b82159c11b829b43568da370f598a9e4\"\u003e\u003ccode\u003eb147528\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sequelize/sequelize/commit/4b8b5b94a09220f7aae1e96d6d19ff65695fc100\"\u003e\u003ccode\u003e4b8b5b9\u003c/code\u003e\u003c/a\u003e meta: Fix MSSQL CI (\u003ca href=\"https://redirect.github.com/sequelize/sequelize/issues/17931\"\u003e#17931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sequelize/sequelize/compare/v6.37.7...v6.37.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~wikirik\"\u003ewikirik\u003c/a\u003e, a new releaser for sequelize since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io` from 3.1.2 to 4.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@3.4.4\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4\"\u003e719f9eb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@3.3.5\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf\"\u003e9d39f1f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/blob/4.6.2/CHANGELOG.md\"\u003esocket.io's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/socketio/socket.io/compare/4.6.1...4.6.2\"\u003e4.6.2\u003c/a\u003e (2023-05-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eexports:\u003c/strong\u003e move \u003ccode\u003etypes\u003c/code\u003e condition to the top (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4698\"\u003e#4698\u003c/a\u003e) (\u003ca href=\"https://github.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e\"\u003e3d44aae\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/engine.io/releases/tag/6.4.0\"\u003e\u003ccode\u003eengine.io@~6.4.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/releases/tag/8.11.0\"\u003e\u003ccode\u003ews@~8.11.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/socketio/socket.io/compare/4.6.0...4.6.1\"\u003e4.6.1\u003c/a\u003e (2023-02-20)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eproperly handle manually created dynamic namespaces (\u003ca href=\"https://github.com/socketio/socket.io/commit/0d0a7a22b5ff95f864216c529114b7dd41738d1e\"\u003e0d0a7a2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etypes:\u003c/strong\u003e fix nodenext module resolution compatibility (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4625\"\u003e#4625\u003c/a\u003e) (\u003ca href=\"https://github.com/socketio/socket.io/commit/d0b22c630208669aceb7ae013180c99ef90279b0\"\u003ed0b22c6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/engine.io/releases/tag/6.4.0\"\u003e\u003ccode\u003eengine.io@~6.4.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/releases/tag/8.11.0\"\u003e\u003ccode\u003ews@~8.11.0\u003c/code\u003e\u003c/a\u003e (no change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/socketio/socket.io/compare/4.5.4...4.6.0\"\u003e4.6.0\u003c/a\u003e (2023-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd timeout method to remote socket (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4558\"\u003e#4558\u003c/a\u003e) (\u003ca href=\"https://github.com/socketio/socket.io/commit/0c0eb0016317218c2be3641e706cfaa9bea39a2d\"\u003e0c0eb00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etypings:\u003c/strong\u003e properly type emits with timeout (\u003ca href=\"https://github.com/socketio/socket.io/commit/f3ada7d8ccc02eeced2b9b9ac8e4bc921eb630d2\"\u003ef3ada7d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003ch4\u003ePromise-based acknowledgements\u003c/h4\u003e\n\u003cp\u003eThis commit adds some syntactic sugar around acknowledgements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eemitWithAck()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003etry {\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/faf914c9ab3e06a6e84fc91774a4182e58f8ae70\"\u003e\u003ccode\u003efaf914c\u003c/code\u003e\u003c/a\u003e chore(release): 4.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115\"\u003e\u003ccode\u003e15af22f\u003c/code\u003e\u003c/a\u003e refactor: add a noop handler for the error event\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d3658944e562e538db094ef298d274821984dea2\"\u003e\u003ccode\u003ed365894\u003c/code\u003e\u003c/a\u003e chore: bump socket.io-parser to version 4.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/12b0de4f524083c31b613ce33e4fd9f8d313f434\"\u003e\u003ccode\u003e12b0de4\u003c/code\u003e\u003c/a\u003e chore: bump engine.io to version 6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e\"\u003e\u003ccode\u003e3d44aae\u003c/code\u003e\u003c/a\u003e fix(exports): move \u003ccode\u003etypes\u003c/code\u003e condition to the top (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/4698\"\u003e#4698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/cbf0362476a23a573233369f1119f7e305539336\"\u003e\u003ccode\u003ecbf0362\u003c/code\u003e\u003c/a\u003e docs(examples): bump dependencies for the private messaging example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/59280da20b5ab6509bafb87793cc0077d60d9c27\"\u003e\u003ccode\u003e59280da\u003c/code\u003e\u003c/a\u003e docs(examples): update examples to docker compose v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/50a4d37cb82f2a14e058ae5a3038ee25796c2121\"\u003e\u003ccode\u003e50a4d37\u003c/code\u003e\u003c/a\u003e docs(changelog): add version of transitive dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/6458b2bef171aa0d7dea198297608ea2ed4b1db9\"\u003e\u003ccode\u003e6458b2b\u003c/code\u003e\u003c/a\u003e docs(example): basic WebSocket-only client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/b56da8a99f4814d553064af175edcf747d5561d7\"\u003e\u003ccode\u003eb56da8a\u003c/code\u003e\u003c/a\u003e docs(examples): upgrade to React 18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/3.1.2...4.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b9c0e57027317a8d0a56a7ccee28fc478d847da2\"\u003e\u003ccode\u003eb9c0e57\u003c/code\u003e\u003c/a\u003e 2.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/4d96d7dbca632806263efb0da8d1e9d8a2143cc2\"\u003e\u003ccode\u003e4d96d7d\u003c/code\u003e\u003c/a\u003e switch to fork of matcha that works on node\u0026gt;12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `braces`\n\nUpdates `micromatch` from 3.1.10 to 4.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/releases\"\u003emicromatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.8\u003c/h2\u003e\n\u003cp\u003eUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.\u003c/p\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Update picomatch to fix regression \u003ca href=\"https://redirect.github.com/micromatch/micromatch/issues/179\"\u003e#179\u003c/a\u003e (8becb55)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce newer version of picomatch with bugfixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md\"\u003emicromatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.8] - 2024-08-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.7] - 2024-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ethis is basically v4.0.5, with some README updates\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eit is vulnerable to CVE-2024-4067\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eUpdated braces to v3.0.3 to avoid CVE-2024-4068\u003c/li\u003e\n\u003cli\u003edoes NOT break API compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.6] - 2024-05-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ehasBraces\u003c/code\u003e to check if a pattern contains braces.\u003c/li\u003e\n\u003cli\u003eFixes CVE-2024-4067\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKS API COMPATIBILITY\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eShould be labeled as a major release, but it's not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.1 - 4.0.5]\u003c/h2\u003e\n\u003ch2\u003e[4.0.0] - 2019-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onMatch\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onIgnore\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onResult\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Node.js \u0026gt;= 8.6\u003c/li\u003e\n\u003cli\u003eRemoved support for passing an array of brace patterns to \u003ccode\u003emicromatch.braces()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eTo strictly enforce closing brackets (for \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, and \u003ccode\u003e(\u003c/code\u003e), you must now use \u003ccode\u003estrictBrackets=true\u003c/code\u003e instead of \u003ccode\u003estrictErrors\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecache\u003c/code\u003e - caching and all related options and methods have been removed\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.unixify\u003c/code\u003e was renamed to \u003ccode\u003eoptions.windows\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.nodupes\u003c/code\u003e Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the \u003ccode\u003eonMatch\u003c/code\u003e, \u003ccode\u003eonResult\u003c/code\u003e and \u003ccode\u003eonIgnore\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.snapdragon\u003c/code\u003e was removed, as snapdragon is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.sourcemap\u003c/code\u003e was removed, as snapdragon is no longer used, which provided sourcemap support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0] - 2017-04-11\u003c/h2\u003e\n\u003cp\u003eComplete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003emicromatch results are directly compared to bash results\u003c/li\u003e\n\u003cli\u003ein rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results\u003c/li\u003e\n\u003cli\u003emicromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash \u0026quot;expansion\u0026quot; API.\u003c/p\u003e\n\u003cp\u003eThese sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an \u003ca href=\"https://gist.github.com/jonschlinkert/099c8914f56529f75bc757cc9e5e8e2a\"\u003eAST is created\u003c/a\u003e, then a new string is generated by the compiler.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920\"\u003e\u003ccode\u003e8bd704e\u003c/code\u003e\u003c/a\u003e 4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a\"\u003e\u003ccode\u003ea0e6841\u003c/code\u003e\u003c/a\u003e run verb to generate README documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a\"\u003e\u003ccode\u003e4ec2884\u003c/code\u003e\u003c/a\u003e Merge branch 'v4' into hauserkristof-feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\"\u003e\u003ccode\u003e03aa805\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/micromatch/issues/266\"\u003e#266\u003c/a\u003e from hauserkristof/feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8\"\u003e\u003ccode\u003e814f5f7\u003c/code\u003e\u003c/a\u003e lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae\"\u003e\u003ccode\u003e67fcce6\u003c/code\u003e\u003c/a\u003e fix: CHANGELOG about braces \u0026amp; CVE-2024-4068, v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30\"\u003e\u003ccode\u003e113f2e3\u003c/code\u003e\u003c/a\u003e fix: CVE numbers in CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f\"\u003e\u003ccode\u003ed9dbd9a\u003c/code\u003e\u003c/a\u003e feat: updated CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e\"\u003e\u003ccode\u003e2ab1315\u003c/code\u003e\u003c/a\u003e fix: use actions/setup-node@v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce\"\u003e\u003ccode\u003e1406ea3\u003c/code\u003e\u003c/a\u003e feat: rework test to work on macos with node 10,12 and 14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/micromatch/compare/3.1.10...4.0.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cookie` from 0.4.2 to 0.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/cookie/releases\"\u003ecookie's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)  bc38ffd\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAllow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eAlthough not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd fast path for \u003ccode\u003eserialize\u003c/code\u003e without options, use \u003ccode\u003eobj.hasOwnProperty\u003c/code\u003e when parsing (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eperf: parse cookies ~10% faster (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e by \u003ca href=\"https://github.com/kurtextrem\"\u003e\u003ccode\u003e@​kurtextrem\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/170\"\u003e#170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: narrow the validation of cookies to match RFC6265 (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/167\"\u003e#167\u003c/a\u003e by \u003ca href=\"https://github.com/bewinsnw\"\u003e\u003ccode\u003e@​bewinsnw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: add \u003ccode\u003emain\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e for rspack (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/166\"\u003e#166\u003c/a\u003e by \u003ca href=\"https://github.com/proudparrot2\"\u003e\u003ccode\u003e@​proudparrot2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\"\u003ehttps://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epartitioned\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epriority\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires\u003c/code\u003e option to reject invalid dates\u003c/li\u003e\n\u003cli\u003epref: improve default decode speed\u003c/li\u003e\n\u003cli\u003epref: remove slow string split in parse\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/d19eaa1a2bb9ca43ac0951edd852ba4e88e410e0\"\u003e\u003ccode\u003ed19eaa1\u003c/code\u003e\u003c/a\u003e 0.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/bc38ffd0eae716b199236dda061d0bdc74192dd3\"\u003e\u003ccode\u003ebc38ffd\u003c/code\u003e\u003c/a\u003e Fix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/cf4658f492c5bd96aeaf5693c3500f8495031014\"\u003e\u003ccode\u003ecf4658f\u003c/code\u003e\u003c/a\u003e 0.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e\"\u003e\u003ccode\u003e6a8b8f5\u003c/code\u003e\u003c/a\u003e Allow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/58015c0b93de0b63db245cfdc5a108e511a81ad0\"\u003e\u003ccode\u003e58015c0\u003c/code\u003e\u003c/a\u003e Remove more code and perf wins (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/ab057d6c06b94a7b1e3358e69a685ae49c97b627\"\u003e\u003ccode\u003eab057d6\u003c/code\u003e\u003c/a\u003e 0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/5f02ca87688481dbcf155e49ca8b61732f30e542\"\u003e\u003ccode\u003e5f02ca8\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/a5d591ce8447dd63821779724f96ad3c774c8579\"\u003e\u003ccode\u003ea5d591c\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/51968f94b5e820adeceef505539fa193ffe2d105\"\u003e\u003ccode\u003e51968f9\u003c/code\u003e\u003c/a\u003e Skip isNaN\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/9e7ca51ade4b325307eedd6b4dec190983e9e2cc\"\u003e\u003ccode\u003e9e7ca51\u003c/code\u003e\u003c/a\u003e perf(parse): cache length, return early (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jshttp/cookie/compare/v0.4.2...v0.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~blakeembrey\"\u003eblakeembrey\u003c/a\u003e, a new releaser for cookie since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `crypto-js`\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 5.0.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca ...\n\n_Description has been truncated_","html_url":"https://github.com/fujimakis-sss/juice-shop/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fujimakis-sss%2Fjuice-shop/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"21.3.0","new_version":"21.3.2","update_type":"patch","path":null,"pr_created_at":"2026-05-19T17:40:24.000Z","version_change":"21.3.0 → 21.3.2","issue":{"uuid":"4479640634","node_id":"PR_kwDORCrDGM7dLk7y","number":16,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 26 updates","user":"dependabot[bot]","labels":["dependencies","javascript","size: XS","stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T17:40:24.000Z","updated_at":"2026-06-01T00:24:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":26,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"tar","old_version":"7.5.8","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"undici","old_version":"7.21.0","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"@opentelemetry/sdk-node","old_version":"0.211.0","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"basic-ftp","old_version":"5.1.0","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"4.0.1","new_version":"5.0.6","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"5.3.6","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"hono","old_version":"4.12.0","new_version":"4.12.21","repository_url":"https://github.com/honojs/hono"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"10.2.2","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.4","new_version":"8.0.0","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"rollup","old_version":"4.55.3","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"simple-git","old_version":"3.30.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 23 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.8` | `7.5.11` |\n| [undici](https://github.com/nodejs/undici) | `7.21.0` | `7.24.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.211.0` | `0.218.0` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.1.0` | `5.3.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `4.0.1` | `5.0.6` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.5.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.3.6` | `5.8.0` |\n| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.21` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.2.2` | `10.2.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `8.0.0` |\n| [rollup](https://github.com/rollup/rollup) | `4.55.3` | `4.60.4` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.30.0` | `3.36.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.3` |\n\nBumps the npm_and_yarn group with 1 update in the /extensions/diagnostics-otel directory: [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.8 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.8...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.211.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.211.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.211.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.211.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@protobufjs/utf8` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dcodeIO/protobuf.js/releases\"\u003e@​protobufjs/utf8's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1\"\u003e1.1.1\u003c/a\u003e (2023-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e fix relative path to Google pb files (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1859\"\u003e#1859\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2\"\u003ee42eea4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dcodeIO/protobuf.js/compare/protobufjs-cli-v1.1.0...fetch-v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.1.0 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchl...\n\n_Description has been truncated_","html_url":"https://github.com/moshehbenavraham/crocbot/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moshehbenavraham%2Fcrocbot/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"21.3.2","new_version":"22.0.1","update_type":"major","path":null,"pr_created_at":"2026-05-19T02:17:17.000Z","version_change":"21.3.2 → 22.0.1","issue":{"uuid":"4473898630","node_id":"PR_kwDOD_J6Kc7c5B02","number":1060,"state":"open","title":"chore(deps): Bump the client-prod-deps group across 1 directory with 17 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T02:17:17.000Z","updated_at":"2026-05-19T02:17:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"client-prod-deps","update_count":17,"packages":[{"name":"@capacitor/android","old_version":"7.4.4","new_version":"8.3.3","repository_url":"https://github.com/ionic-team/capacitor"},{"name":"@capacitor/core","old_version":"7.4.4","new_version":"8.3.3","repository_url":"https://github.com/ionic-team/capacitor"},{"name":"@capacitor/splash-screen","old_version":"7.0.3","new_version":"8.0.1","repository_url":"https://github.com/ionic-team/capacitor-plugins"},{"name":"@ionic/core","old_version":"8.8.1","new_version":"8.8.6","repository_url":"https://github.com/ionic-team/ionic-framework"},{"name":"@ionic/vue","old_version":"8.8.1","new_version":"8.8.6","repository_url":"https://github.com/ionic-team/ionic-framework"},{"name":"@ionic/vue-router","old_version":"8.7.17","new_version":"8.8.6","repository_url":"https://github.com/ionic-team/ionic-framework"},{"name":"@sentry/vue","old_version":"10.38.0","new_version":"10.52.0","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@zip.js/zip.js","old_version":"2.8.8","new_version":"2.8.26","repository_url":"https://github.com/gildas-lormeau/zip.js"},{"name":"axios","old_version":"1.15.0","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.4.0","new_version":"3.4.2","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"file-type","old_version":"21.3.2","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"fs-extra","old_version":"11.3.3","new_version":"11.3.5","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"pdfjs-dist","old_version":"5.4.624","new_version":"5.7.284","repository_url":"https://github.com/mozilla/pdf.js"},{"name":"vite-plugin-static-copy","old_version":"3.2.0","new_version":"4.1.0","repository_url":"https://github.com/sapphi-red/vite-plugin-static-copy"},{"name":"vue","old_version":"3.5.30","new_version":"3.5.34","repository_url":"https://github.com/vuejs/core"},{"name":"vue-i18n","old_version":"11.3.0","new_version":"11.4.2","repository_url":"https://github.com/intlify/vue-i18n"},{"name":"vue-router","old_version":"4.6.4","new_version":"5.0.6","repository_url":"https://github.com/vuejs/router"}],"path":null,"ecosystem":"npm"},"body":"Bumps the client-prod-deps group with 17 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@capacitor/android](https://github.com/ionic-team/capacitor) | `7.4.4` | `8.3.3` |\n| [@capacitor/core](https://github.com/ionic-team/capacitor) | `7.4.4` | `8.3.3` |\n| [@capacitor/splash-screen](https://github.com/ionic-team/capacitor-plugins) | `7.0.3` | `8.0.1` |\n| [@ionic/core](https://github.com/ionic-team/ionic-framework) | `8.8.1` | `8.8.6` |\n| [@ionic/vue](https://github.com/ionic-team/ionic-framework) | `8.8.1` | `8.8.6` |\n| [@ionic/vue-router](https://github.com/ionic-team/ionic-framework) | `8.7.17` | `8.8.6` |\n| [@sentry/vue](https://github.com/getsentry/sentry-javascript) | `10.38.0` | `10.52.0` |\n| [@zip.js/zip.js](https://github.com/gildas-lormeau/zip.js) | `2.8.8` | `2.8.26` |\n| [axios](https://github.com/axios/axios) | `1.15.0` | `1.16.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.0` | `3.4.2` |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.2` | `22.0.1` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` |\n| [pdfjs-dist](https://github.com/mozilla/pdf.js) | `5.4.624` | `5.7.284` |\n| [vite-plugin-static-copy](https://github.com/sapphi-red/vite-plugin-static-copy) | `3.2.0` | `4.1.0` |\n| [vue](https://github.com/vuejs/core) | `3.5.30` | `3.5.34` |\n| [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `11.3.0` | `11.4.2` |\n| [vue-router](https://github.com/vuejs/router) | `4.6.4` | `5.0.6` |\n\n\nUpdates `@capacitor/android` from 7.4.4 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/releases\"\u003e@​capacitor/android's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md\"\u003e@​capacitor/android's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Experimental config for swift-tools-version in SPM apps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8372\"\u003e#8372\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/d2ee84f8186909b142b418c02fc19f79d3c6a6ed\"\u003ed2ee84f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e support SPM package traits in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8351\"\u003e#8351\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/27e6aa89cf22e0b1a6d46710faed9aa8899600b0\"\u003e27e6aa8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.1.0...8.2.0\"\u003e8.2.0\u003c/a\u003e (2026-03-06)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Add missing null checks in BridgeActivity (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8185\"\u003e#8185\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/bd29b9913a9279de26fc21c6cb0b93b8f5e5433a\"\u003ebd29b99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Concurrent Range Requests for assets (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8357\"\u003e#8357\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5e82c89f1bff6d0e9ccea2554007aacb920d4c58\"\u003e5e82c89\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/76ff70e0e40bbbca63c5195c572f166e5ce82089\"\u003e\u003ccode\u003e76ff70e\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003e\u003ccode\u003eb2d7719\u003c/code\u003e\u003c/a\u003e fix(cli): copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/23ad7f8a4231a3b78abec32bb67bbd0c415b5011\"\u003e\u003ccode\u003e23ad7f8\u003c/code\u003e\u003c/a\u003e Release 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003e\u003ccode\u003eb3c769e\u003c/code\u003e\u003c/a\u003e fix(cli): link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/560fd847d6d1153fd73edf9642108a57de2bd0d5\"\u003e\u003ccode\u003e560fd84\u003c/code\u003e\u003c/a\u003e docs: Update Contributing guide branches (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8425\"\u003e#8425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e\u003ccode\u003e790bd27\u003c/code\u003e\u003c/a\u003e fix(cli): generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e\u003ccode\u003e1f7e33f\u003c/code\u003e\u003c/a\u003e fix(cli): generate binaryTarget entries for custom xcframeworks in Package.sw...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e\u003ccode\u003e3232f0f\u003c/code\u003e\u003c/a\u003e fix(cli): add system framework and weak framework support in SPM Package.swif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e\u003ccode\u003e0bd0676\u003c/code\u003e\u003c/a\u003e fix(cli): add cSettings support for compiler flags in generated Package.swift...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e\u003ccode\u003e0da130e\u003c/code\u003e\u003c/a\u003e fix(cli): handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/capacitor/compare/7.4.4...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~capacitor-plugin-bot\"\u003ecapacitor-plugin-bot\u003c/a\u003e, a new releaser for \u003ccode\u003e@​capacitor/android\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@capacitor/core` from 7.4.4 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/releases\"\u003e@​capacitor/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md\"\u003e@​capacitor/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.2...8.3.3\"\u003e8.3.3\u003c/a\u003e (2026-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003eb2d7719\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.1...8.3.2\"\u003e8.3.2\u003c/a\u003e (2026-05-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add cSettings support for compiler flags in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8448\"\u003e#8448\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e0bd0676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add system framework and weak framework support in SPM Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8447\"\u003e#8447\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e3232f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e correct Capacitor plugin SPM compat check (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8440\"\u003e#8440\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/e5ccc451dda27d56bca824ed644bd20fe4d988cb\"\u003ee5ccc45\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate binaryTarget entries for custom xcframeworks in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8445\"\u003e#8445\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e1f7e33f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e790bd27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e0da130e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003eb3c769e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e support Cordova plugins with Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8438\"\u003e#8438\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/139943b0c05fddb2d1ce2d6f468800fddf17b4cf\"\u003e139943b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e avoid extra view padding on API \u0026lt;= 34 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8439\"\u003e#8439\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5b135a70217be560e7176c8d5b514cc92ed3e4e4\"\u003e5b135a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.3.0...8.3.1\"\u003e8.3.1\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e handle null versionName in isNewBinary() (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8397\"\u003e#8397\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/aa1a660f364f9b5f5a1e350e279c8864b04dd13b\"\u003eaa1a660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eboundary value extraction for form-data requests (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/7518\"\u003e#7518\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/64ab854c12330804c24275d88d3a9f7c8e52a73d\"\u003e64ab854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e check CAPACITOR_COCOAPODS_PATH in determinePackageManager (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8407\"\u003e#8407\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/acb64ab92a37ff53701cde453558e272e2e11eb6\"\u003eacb64ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esystem-bars:\u003c/strong\u003e use separate current styles (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8409\"\u003e#8409\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3d1f8d1b61480187375f5cd4de7ba999db007542\"\u003e3d1f8d1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.2.0...8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-03-25)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e correctly parsing \u003ccode\u003eserver.url\u003c/code\u003e when they include paths (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8391\"\u003e#8391\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/a9f218179b60555d86b44bf2b33354da3e64e98c\"\u003ea9f2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e inline CSS sourcemaps in addition to JS sourcemaps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8377\"\u003e#8377\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/69476ab9c0b47911a14d2482cab53a877a5ae784\"\u003e69476ab\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehttp:\u003c/strong\u003e handle URL objects on fetch (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8386\"\u003e#8386\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/003099aef246adfd76d890074d46b1484951824b\"\u003e003099a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eios:\u003c/strong\u003e make getArray accesible on Objective-C plugins (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8392\"\u003e#8392\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/afb80f2fecb4bf85dbebe25e815de2a5564264d6\"\u003eafb80f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystemBars:\u003c/strong\u003e use native safe area insets on Android (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8384\"\u003e#8384\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/4e99598a2a57ee97e82be1aaa09492744622fa60\"\u003e4e99598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Experimental config for swift-tools-version in SPM apps (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8372\"\u003e#8372\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/d2ee84f8186909b142b418c02fc19f79d3c6a6ed\"\u003ed2ee84f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e support SPM package traits in generated Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8351\"\u003e#8351\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/27e6aa89cf22e0b1a6d46710faed9aa8899600b0\"\u003e27e6aa8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/compare/8.1.0...8.2.0\"\u003e8.2.0\u003c/a\u003e (2026-03-06)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Add missing null checks in BridgeActivity (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8185\"\u003e#8185\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/bd29b9913a9279de26fc21c6cb0b93b8f5e5433a\"\u003ebd29b99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eandroid:\u003c/strong\u003e Concurrent Range Requests for assets (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8357\"\u003e#8357\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor/commit/5e82c89f1bff6d0e9ccea2554007aacb920d4c58\"\u003e5e82c89\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/76ff70e0e40bbbca63c5195c572f166e5ce82089\"\u003e\u003ccode\u003e76ff70e\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b2d771926a180e60deea31992d7d4abcd5ca3bc7\"\u003e\u003ccode\u003eb2d7719\u003c/code\u003e\u003c/a\u003e fix(cli): copy plugin files in CocoaPods projects (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8467\"\u003e#8467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/23ad7f8a4231a3b78abec32bb67bbd0c415b5011\"\u003e\u003ccode\u003e23ad7f8\u003c/code\u003e\u003c/a\u003e Release 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/b3c769e856c826b1174518877cf86ac7ce73bf09\"\u003e\u003ccode\u003eb3c769e\u003c/code\u003e\u003c/a\u003e fix(cli): link plugin dependencies in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8457\"\u003e#8457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/560fd847d6d1153fd73edf9642108a57de2bd0d5\"\u003e\u003ccode\u003e560fd84\u003c/code\u003e\u003c/a\u003e docs: Update Contributing guide branches (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8425\"\u003e#8425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/790bd27123497111984227010c3162cec94a108e\"\u003e\u003ccode\u003e790bd27\u003c/code\u003e\u003c/a\u003e fix(cli): generate resource entries in Package.swift (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8455\"\u003e#8455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/1f7e33fca43d183332ec19d22b0d75ef81d8cc6d\"\u003e\u003ccode\u003e1f7e33f\u003c/code\u003e\u003c/a\u003e fix(cli): generate binaryTarget entries for custom xcframeworks in Package.sw...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/3232f0fe1d9811b0b5c500e3dc05cb8a250177f8\"\u003e\u003ccode\u003e3232f0f\u003c/code\u003e\u003c/a\u003e fix(cli): add system framework and weak framework support in SPM Package.swif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0bd0676315c5fd77e50312dd7b5bf4990dcbd7d0\"\u003e\u003ccode\u003e0bd0676\u003c/code\u003e\u003c/a\u003e fix(cli): add cSettings support for compiler flags in generated Package.swift...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor/commit/0da130eb7a861bee4e2c35bc0aac53ba9c983fc3\"\u003e\u003ccode\u003e0da130e\u003c/code\u003e\u003c/a\u003e fix(cli): handle Cordova plugins without iOS source files (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor/issues/8443\"\u003e#8443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/capacitor/compare/7.4.4...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~capacitor-plugin-bot\"\u003ecapacitor-plugin-bot\u003c/a\u003e, a new releaser for \u003ccode\u003e@​capacitor/core\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@capacitor/splash-screen` from 7.0.3 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/capacitor-plugins/releases\"\u003e@​capacitor/splash-screen's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/8\"\u003e\u003ccode\u003e@​8\u003c/code\u003e\u003c/a\u003e.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@8.0.0...@capacitor/splash-screen@8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAGP 9.0 no longer supporting \u003ccode\u003eproguard-android.txt\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2468\"\u003e#2468\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/a8760a989f594bc406d0ec7da58125d17447cae4\"\u003ea8760a9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/8\"\u003e\u003ccode\u003e@​8\u003c/code\u003e\u003c/a\u003e.0.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@8.0.0-beta.0...@capacitor/splash-screen@8.0.0\"\u003e8.0.0\u003c/a\u003e (2025-12-08)\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@7.0.4...@capacitor/splash-screen@7.0.5\"\u003e7.0.5\u003c/a\u003e (2026-02-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAGP 9.0 no longer supporting \u003ccode\u003eproguard-android.txt\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2468\"\u003e#2468\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/5c3580726b7b216077d903de3546754a87588ac6\"\u003e5c35807\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@7.0.3...@capacitor/splash-screen@7.0.4\"\u003e7.0.4\u003c/a\u003e (2025-11-26)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/bf4fe8c9ace79237c048c9b5ee0ab7455042bc86\"\u003e\u003ccode\u003ebf4fe8c\u003c/code\u003e\u003c/a\u003e chore(release): publish [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/3ca026a2f730ec50ac55840cd305ead79fe7dd7e\"\u003e\u003ccode\u003e3ca026a\u003c/code\u003e\u003c/a\u003e fix(app-launcher): improvements on canOpenUrl and openUrl (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2476\"\u003e#2476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/a8760a989f594bc406d0ec7da58125d17447cae4\"\u003e\u003ccode\u003ea8760a9\u003c/code\u003e\u003c/a\u003e fix: AGP 9.0 no longer supporting \u003ccode\u003eproguard-android.txt\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2468\"\u003e#2468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/1f3e9f027a3447d10e8a037412ebaaf8bf3ee7bd\"\u003e\u003ccode\u003e1f3e9f0\u003c/code\u003e\u003c/a\u003e chore(ci): download iOS simulators (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2472\"\u003e#2472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/c1a313134c87d52e66a42e041caf2a6d74aafdab\"\u003e\u003ccode\u003ec1a3131\u003c/code\u003e\u003c/a\u003e chore(ci): remove Xcode 16 workaround (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2466\"\u003e#2466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/f0c2e127fb86e14b9f9081dcfadee3eec8a148fb\"\u003e\u003ccode\u003ef0c2e12\u003c/code\u003e\u003c/a\u003e docs(README): Fix link to \u003ccode\u003e@​capacitor/keyboard\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/c1fe5621b3b2ba57585b94d2a71491aa8bcac7eb\"\u003e\u003ccode\u003ec1fe562\u003c/code\u003e\u003c/a\u003e chore(release): publish [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/77bb93bb18ad8c41ba75ac8328d4ec03a63b2ff2\"\u003e\u003ccode\u003e77bb93b\u003c/code\u003e\u003c/a\u003e chore: Use Capacitor 8 stable version (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2452\"\u003e#2452\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/8152fc17904fd1a540fef52b027693ba46e98b58\"\u003e\u003ccode\u003e8152fc1\u003c/code\u003e\u003c/a\u003e docs(splash-screen): fix typo in README regarding Android 12 issues (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2456\"\u003e#2456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/capacitor-plugins/commit/a58d05ed9fb3226790358a4ef2ded1aae0609dc9\"\u003e\u003ccode\u003ea58d05e\u003c/code\u003e\u003c/a\u003e docs(README): Indicate that plugins are for Capacitor 8 (\u003ca href=\"https://redirect.github.com/ionic-team/capacitor-plugins/issues/2453\"\u003e#2453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/splash-screen@7.0.3...@capacitor/splash-screen@8.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~capacitor-plugin-bot\"\u003ecapacitor-plugin-bot\u003c/a\u003e, a new releaser for \u003ccode\u003e@​capacitor/splash-screen\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@ionic/core` from 8.8.1 to 8.8.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/releases\"\u003e@​ionic/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.8.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.2\"\u003e8.8.2\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eangular:\u003c/strong\u003e forward generic type parameter on ModalOptions and PopoverOptions (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31022\"\u003e#31022\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/cbfe7cce3be345eacbf9fe29e74438a927c16679\"\u003ecbfe7cc\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31012\"\u003e#31012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e re-evaluate label visibility when label is updated (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30980\"\u003e#30980\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ce83407e1debbe74f20d2d6dc2535a0ef3f974a0\"\u003ece83407\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30632\"\u003e#30632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e days keep in focus after changing the month (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31021\"\u003e#31021\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/5fdaba2b021fe8b2b43a49eae7c687544c97d502\"\u003e5fdaba2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/blob/main/CHANGELOG.md\"\u003e@​ionic/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/237c628741f368b179d61fca76a2ba14947ea811\"\u003e\u003ccode\u003e237c628\u003c/code\u003e\u003c/a\u003e v8.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e\u003ccode\u003e44be424\u003c/code\u003e\u003c/a\u003e fix(segment): segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003e\u003ccode\u003ec18502f\u003c/code\u003e\u003c/a\u003e fix(action-sheet): restore action-sheet-selected class on non-radio buttons (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/8702ab9487f0615a3e538dc0bbfd2e9884b4669c\"\u003e\u003ccode\u003e8702ab9\u003c/code\u003e\u003c/a\u003e chore(deps): update pozil/auto-assign-issue action to v3 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31094\"\u003e#31094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e\u003ccode\u003e30b479a\u003c/code\u003e\u003c/a\u003e fix(datetime): prevent hidden-state observer from tearing down ready class on...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f8977021f96da7ff75e7292b82cda2bc93e80cfd\"\u003e\u003ccode\u003ef897702\u003c/code\u003e\u003c/a\u003e chore(vercel): use absolute hrefs in preview dir indexes (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31106\"\u003e#31106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/d26017f6868b168344de0d64c63a1eea9397fee9\"\u003e\u003ccode\u003ed26017f\u003c/code\u003e\u003c/a\u003e merge release-8.8.5 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31099\"\u003e#31099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/b57075fe47215ee8648587747f031c21ba277c39\"\u003e\u003ccode\u003eb57075f\u003c/code\u003e\u003c/a\u003e chore(): update package lock files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ba8b2919adb4c4edd345ed246f08fbc3b6a0111f\"\u003e\u003ccode\u003eba8b291\u003c/code\u003e\u003c/a\u003e v8.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003e\u003ccode\u003efd79771\u003c/code\u003e\u003c/a\u003e fix(select): select focused option on Enter in popover and modal interfaces (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@ionic/vue` from 8.8.1 to 8.8.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/releases\"\u003e@​ionic/vue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.8.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.2\"\u003e8.8.2\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eangular:\u003c/strong\u003e forward generic type parameter on ModalOptions and PopoverOptions (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31022\"\u003e#31022\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/cbfe7cce3be345eacbf9fe29e74438a927c16679\"\u003ecbfe7cc\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31012\"\u003e#31012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e re-evaluate label visibility when label is updated (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30980\"\u003e#30980\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ce83407e1debbe74f20d2d6dc2535a0ef3f974a0\"\u003ece83407\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30632\"\u003e#30632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e days keep in focus after changing the month (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31021\"\u003e#31021\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/5fdaba2b021fe8b2b43a49eae7c687544c97d502\"\u003e5fdaba2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/blob/main/CHANGELOG.md\"\u003e@​ionic/vue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3cd39b7fb291286374285c4a326ec6b9a8ea237\"\u003ef3cd39b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31015\"\u003e#31015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eselect:\u003c/strong\u003e select focused option on Enter in popover and modal interfaces (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31093\"\u003e#31093\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003efd79771\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30561\"\u003e#30561\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.3...v8.8.4\"\u003e8.8.4\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003echeckbox:\u003c/strong\u003e show labels after page navigation (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31062\"\u003e#31062\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f4ac4459f8317bd5eeff7d4809f9cb0991c8efd9\"\u003ef4ac445\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31052\"\u003e#31052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e multiple month selected and flakiness display (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31053\"\u003e#31053\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/308aef569d8c6ebc3ad2186bca6969da8e4b2a8d\"\u003e308aef5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etab-button:\u003c/strong\u003e update dark palette focused background color (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31050\"\u003e#31050\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/dec46b5d317080dd5d97dc056f0d8e6d4c8c45ac\"\u003edec46b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.2...v8.8.3\"\u003e8.8.3\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e scroll failing for adjacent days on ios (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31033\"\u003e#31033\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/3afd67f997521290a34c4448445ae227dc67f8f1\"\u003e3afd67f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einput-otp:\u003c/strong\u003e prevent deletion and paste when disabled or readonly (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30983\"\u003e#30983\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/81aa977fde4867146adf67fcf72e24026574929c\"\u003e81aa977\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/30913\"\u003e#30913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/237c628741f368b179d61fca76a2ba14947ea811\"\u003e\u003ccode\u003e237c628\u003c/code\u003e\u003c/a\u003e v8.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e\u003ccode\u003e44be424\u003c/code\u003e\u003c/a\u003e fix(segment): segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003e\u003ccode\u003ec18502f\u003c/code\u003e\u003c/a\u003e fix(action-sheet): restore action-sheet-selected class on non-radio buttons (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/8702ab9487f0615a3e538dc0bbfd2e9884b4669c\"\u003e\u003ccode\u003e8702ab9\u003c/code\u003e\u003c/a\u003e chore(deps): update pozil/auto-assign-issue action to v3 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31094\"\u003e#31094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e\u003ccode\u003e30b479a\u003c/code\u003e\u003c/a\u003e fix(datetime): prevent hidden-state observer from tearing down ready class on...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f8977021f96da7ff75e7292b82cda2bc93e80cfd\"\u003e\u003ccode\u003ef897702\u003c/code\u003e\u003c/a\u003e chore(vercel): use absolute hrefs in preview dir indexes (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31106\"\u003e#31106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/d26017f6868b168344de0d64c63a1eea9397fee9\"\u003e\u003ccode\u003ed26017f\u003c/code\u003e\u003c/a\u003e merge release-8.8.5 (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31099\"\u003e#31099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/b57075fe47215ee8648587747f031c21ba277c39\"\u003e\u003ccode\u003eb57075f\u003c/code\u003e\u003c/a\u003e chore(): update package lock files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/ba8b2919adb4c4edd345ed246f08fbc3b6a0111f\"\u003e\u003ccode\u003eba8b291\u003c/code\u003e\u003c/a\u003e v8.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/fd79771e5be77c9f38379a3a7b9ab44bb11ff325\"\u003e\u003ccode\u003efd79771\u003c/code\u003e\u003c/a\u003e fix(select): select focused option on Enter in popover and modal interfaces (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.1...v8.8.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@ionic/vue-router` from 8.7.17 to 8.8.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ionic-team/ionic-framework/releases\"\u003e@​ionic/vue-router's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.8.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.5...v8.8.6\"\u003e8.8.6\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaction-sheet:\u003c/strong\u003e restore action-sheet-selected class on non-radio buttons (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31109\"\u003e#31109\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/c18502f3efdec5440a11289235a93c62ce27ab89\"\u003ec18502f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31090\"\u003e#31090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edatetime:\u003c/strong\u003e prevent hidden-state observer from tearing down ready class on initial entry (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31108\"\u003e#31108\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/30b479a53acbc16961002df256bec358dc11e7fa\"\u003e30b479a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esegment:\u003c/strong\u003e segment drag would set disabled segment button checked (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31112\"\u003e#31112\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/44be424221bee11ffbe91c4b1fa0a4d56fe1ecac\"\u003e44be424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.8.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ionic-team/ionic-framework/compare/v8.8.4...v8.8.5\"\u003e8.8.5\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emodal:\u003c/strong\u003e remove safe-area gap and flash in fullscreen modals (\u003ca href=\"https://redirect.github.com/ionic-team/ionic-framework/issues/31092\"\u003e#31092\u003c/a\u003e) (\u003ca href=\"https://github.com/ionic-team/ionic-framework/commit/f3c...\n\n_Description has been truncated_","html_url":"https://github.com/admariner/parsec-cloud/pull/1060","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/admariner%2Fparsec-cloud/issues/1060","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1060/packages"}},{"old_version":"22.0.0","new_version":"22.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-18T23:56:46.000Z","version_change":"22.0.0 → 22.0.1","issue":{"uuid":"4473377011","node_id":"PR_kwDOM5Y-Bc7c3YwV","number":2370,"state":"open","title":"build(deps): bump the all-minor-patch group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":8,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T23:56:46.000Z","updated_at":"2026-05-19T00:14:03.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"all-minor-patch","update_count":22,"packages":[{"name":"@types/node","old_version":"25.6.2","new_version":"25.8.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"eslint","old_version":"10.3.0","new_version":"10.4.0","repository_url":"https://github.com/eslint/eslint"},{"name":"jest","old_version":"30.4.1","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"typescript-eslint","old_version":"8.59.2","new_version":"8.59.3","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"vite","old_version":"8.0.11","new_version":"8.0.13","repository_url":"https://github.com/vitejs/vite"},{"name":"@graphql-hive/render-laboratory","old_version":"0.1.7","new_version":"0.1.8","repository_url":"https://github.com/graphql-hive/console"},{"name":"ws","old_version":"8.20.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@nestjs/common","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/core","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/platform-express","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/testing","old_version":"11.1.19","new_version":"11.1.21","repository_url":"https://github.com/nestjs/nest"},{"name":"file-type","old_version":"22.0.0","new_version":"22.0.1","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"@nats-io/nats-core","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/nats-io/nats.js"},{"name":"@nats-io/transport-node","old_version":"3.3.1","new_version":"3.4.0","repository_url":"https://github.com/nats-io/nats.js"},{"name":"@graphql-hive/router-query-planner","old_version":"0.0.24","new_version":"0.0.27","repository_url":"https://github.com/graphql-hive/router"},{"name":"@aws-sdk/client-sts","old_version":"3.1045.0","new_version":"3.1047.0","repository_url":"https://github.com/aws/aws-sdk-js-v3"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.0","repository_url":"https://github.com/evanw/esbuild"},{"name":"express","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/expressjs/express"},{"name":"@cloudflare/workers-types","old_version":"4.20260508.1","new_version":"4.20260515.1","repository_url":"https://github.com/cloudflare/workerd"},{"name":"wrangler","old_version":"4.90.0","new_version":"4.92.0","repository_url":"https://github.com/cloudflare/workers-sdk"},{"name":"@graphql-codegen/typescript-resolvers","old_version":"6.0.0","new_version":"6.0.1","repository_url":"https://github.com/dotansimha/graphql-code-generator"},{"name":"@graphql-codegen/typescript-operations","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/dotansimha/graphql-code-generator"}],"path":null,"ecosystem":"npm"},"body":"Bumps the all-minor-patch group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.2` | `25.8.0` |\n| [eslint](https://github.com/eslint/eslint) | `10.3.0` | `10.4.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.4.1` | `30.4.2` |\n| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.59.2` | `8.59.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.11` | `8.0.13` |\n| [@graphql-hive/render-laboratory](https://github.com/graphql-hive/console/tree/HEAD/packages/render-laboratory) | `0.1.7` | `0.1.8` |\n| [ws](https://github.com/websockets/ws) | `8.20.0` | `8.20.1` |\n| [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `11.1.19` | `11.1.21` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.19` | `11.1.21` |\n| [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) | `11.1.19` | `11.1.21` |\n| [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing) | `11.1.19` | `11.1.21` |\n| [file-type](https://github.com/sindresorhus/file-type) | `22.0.0` | `22.0.1` |\n| [@nats-io/nats-core](https://github.com/nats-io/nats.js) | `3.3.1` | `3.4.0` |\n| [@nats-io/transport-node](https://github.com/nats-io/nats.js) | `3.3.1` | `3.4.0` |\n| [@graphql-hive/router-query-planner](https://github.com/graphql-hive/router/tree/HEAD/lib/node-addon) | `0.0.24` | `0.0.27` |\n| [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) | `3.1045.0` | `3.1047.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.25.12` | `0.28.0` |\n| [express](https://github.com/expressjs/express) | `5.2.0` | `5.2.1` |\n| [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260508.1` | `4.20260515.1` |\n| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.90.0` | `4.92.0` |\n| [@graphql-codegen/typescript-resolvers](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/resolvers) | `6.0.0` | `6.0.1` |\n| [@graphql-codegen/typescript-operations](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/operations) | `6.0.1` | `6.0.2` |\n\n\nUpdates `@types/node` from 25.6.2 to 25.8.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eslint` from 10.3.0 to 10.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eslint/eslint/releases\"\u003eeslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.4.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1a45ec596af1dd5f880e6874cb8f24dafb6a7ecf\"\u003e\u003ccode\u003e1a45ec5\u003c/code\u003e\u003c/a\u003e feat: check sequence expressions in \u003ccode\u003efor-direction\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20701\"\u003e#20701\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/450040bd89b989b3531824c6be45feb5fe3d936b\"\u003e\u003ccode\u003e450040b\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eincludeIgnoreFile()\u003c/code\u003e to \u003ccode\u003eeslint/config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20735\"\u003e#20735\u003c/a\u003e) (Kirk Waiblinger)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/544c0c3da589166ad8e5d634f35d3d06701c57be\"\u003e\u003ccode\u003e544c0c3\u003c/code\u003e\u003c/a\u003e fix: escape code path DOT labels in debug output (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20866\"\u003e#20866\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6799431203f2579632d0870f98ba132067f4040c\"\u003e\u003ccode\u003e6799431\u003c/code\u003e\u003c/a\u003e fix: update dependency \u003ccode\u003e@​eslint/config-helpers\u003c/code\u003e to ^0.6.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20850\"\u003e#20850\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/f078fef5005dceb14fc162aab7c7200e027688dd\"\u003e\u003ccode\u003ef078fef\u003c/code\u003e\u003c/a\u003e fix: handle non-array deprecated rule replacements (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20825\"\u003e#20825\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7e52a7151fb92eec0e0f67fe4e5ddbd1ccce796f\"\u003e\u003ccode\u003e7e52a71\u003c/code\u003e\u003c/a\u003e docs: add mention of \u003ccode\u003e@eslint-react/eslint-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20869\"\u003e#20869\u003c/a\u003e) (Pavel)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/db3468ba746407d7f286f18f7ea9db6df0e3bc08\"\u003e\u003ccode\u003edb3468b\u003c/code\u003e\u003c/a\u003e docs: tweak wording around ambiguous CJS-vs-ESM config (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20865\"\u003e#20865\u003c/a\u003e) (Kirk Waiblinger)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/90846643ec6e97d447ae0d831fabe6d17b0a998a\"\u003e\u003ccode\u003e9084664\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/9cc73875046e3c4b8313644cbb1e99e26b36bd3f\"\u003e\u003ccode\u003e9cc7387\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3d7b5484407403817aa9071a394d336d8ea96eb5\"\u003e\u003ccode\u003e3d7b548\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/191ec3c0a3f94ce0f110df761f0b2b8949011ccb\"\u003e\u003ccode\u003e191ec3c\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6616856f28fa514a30f87b5539fc100d739a94bf\"\u003e\u003ccode\u003e6616856\u003c/code\u003e\u003c/a\u003e chore: upgrade knip to v6 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20875\"\u003e#20875\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d13b084a3ad02f926e9addaa35fc383759ea5554\"\u003e\u003ccode\u003ed13b084\u003c/code\u003e\u003c/a\u003e ci: ensure auto-created PRs run CI (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20860\"\u003e#20860\u003c/a\u003e) (lumir)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e71c7af86dce9acc1d18cb12d2184309f6841594\"\u003e\u003ccode\u003ee71c7af\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20862\"\u003e#20862\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d84393dea170f54191fd20c8268b52c81c0ccd99\"\u003e\u003ccode\u003ed84393d\u003c/code\u003e\u003c/a\u003e test: add unit tests for SuppressionsService.applySuppressions() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20863\"\u003e#20863\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/24db8cb8e6f07fba667121777a15b1785486be94\"\u003e\u003ccode\u003e24db8cb\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.save() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20802\"\u003e#20802\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2ef0549cac4a9537e4c3a26b9f3edd4c99476bf6\"\u003e\u003ccode\u003e2ef0549\u003c/code\u003e\u003c/a\u003e chore: update ecosystem plugins (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20857\"\u003e#20857\u003c/a\u003e) (github-actions[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/a4297918d264d229a06cd96051ef9b91c7b86732\"\u003e\u003ccode\u003ea429791\u003c/code\u003e\u003c/a\u003e ci: remove \u003ccode\u003eeslint-webpack-plugin\u003c/code\u003e types integration test (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20668\"\u003e#20668\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/9e37386aa7f2ce220b2ef74a6afbac5f6b3527c5\"\u003e\u003ccode\u003e9e37386\u003c/code\u003e\u003c/a\u003e chore: replace \u003ccode\u003erecast\u003c/code\u003e with range approach in code-sample-minimizer (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20682\"\u003e#20682\u003c/a\u003e) (Copilot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/0dd1f9ffc9a07704d46e2a4c8d4ccc0d0908b0c0\"\u003e\u003ccode\u003e0dd1f9f\u003c/code\u003e\u003c/a\u003e test: disable warning for \u003ccode\u003evm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20845\"\u003e#20845\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/9da3c7bc92d9579f8db19ecb56e718538d09db2b\"\u003e\u003ccode\u003e9da3c7b\u003c/code\u003e\u003c/a\u003e refactor: remove deprecated \u003ccode\u003emeta.language\u003c/code\u003e and migrate \u003ccode\u003emeta.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20716\"\u003e#20716\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2099ed12a0a74c3d7f0808514362af2499b4fe2b\"\u003e\u003ccode\u003e2099ed1\u003c/code\u003e\u003c/a\u003e refactor: add \u003ccode\u003emeta.defaultOptions\u003c/code\u003e to more rules, enable linting (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20800\"\u003e#20800\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/f1dfbc9ca57196de7092e1888cc99427bd6fe06e\"\u003e\u003ccode\u003ef1dfbc9\u003c/code\u003e\u003c/a\u003e chore: update ecosystem plugins (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20836\"\u003e#20836\u003c/a\u003e) (github-actions[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c75941390c14728806cd4baef4f6072f6de78318\"\u003e\u003ccode\u003ec759413\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20843\"\u003e#20843\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/5b817d6fdc9ae2c35b528dc662b2eca8f40f64aa\"\u003e\u003ccode\u003e5b817d6\u003c/code\u003e\u003c/a\u003e test: add unit tests for lib/shared/ast-utils (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20838\"\u003e#20838\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1c13ae3934c198c494e5958fa3a68b33244ff06a\"\u003e\u003ccode\u003e1c13ae3\u003c/code\u003e\u003c/a\u003e test: add unit tests for lib/shared/severity (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20835\"\u003e#20835\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/452c4010c07dc2e36fe6ec6a8c48298878e86887\"\u003e\u003ccode\u003e452c401\u003c/code\u003e\u003c/a\u003e 10.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b6417e8b55c9525070d6e168b485ce6ff21688ed\"\u003e\u003ccode\u003eb6417e8\u003c/code\u003e\u003c/a\u003e Build: changelog update for 10.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6616856f28fa514a30f87b5539fc100d739a94bf\"\u003e\u003ccode\u003e6616856\u003c/code\u003e\u003c/a\u003e chore: upgrade knip to v6 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20875\"\u003e#20875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d13b084a3ad02f926e9addaa35fc383759ea5554\"\u003e\u003ccode\u003ed13b084\u003c/code\u003e\u003c/a\u003e ci: ensure auto-created PRs run CI (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20860\"\u003e#20860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7e52a7151fb92eec0e0f67fe4e5ddbd1ccce796f\"\u003e\u003ccode\u003e7e52a71\u003c/code\u003e\u003c/a\u003e docs: add mention of \u003ccode\u003e@eslint-react/eslint-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20869\"\u003e#20869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e71c7af86dce9acc1d18cb12d2184309f6841594\"\u003e\u003ccode\u003ee71c7af\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20862\"\u003e#20862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/544c0c3da589166ad8e5d634f35d3d06701c57be\"\u003e\u003ccode\u003e544c0c3\u003c/code\u003e\u003c/a\u003e fix: escape code path DOT labels in debug output (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20866\"\u003e#20866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/db3468ba746407d7f286f18f7ea9db6df0e3bc08\"\u003e\u003ccode\u003edb3468b\u003c/code\u003e\u003c/a\u003e docs: tweak wording around ambiguous CJS-vs-ESM config (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20865\"\u003e#20865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d84393dea170f54191fd20c8268b52c81c0ccd99\"\u003e\u003ccode\u003ed84393d\u003c/code\u003e\u003c/a\u003e test: add unit tests for SuppressionsService.applySuppressions() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20863\"\u003e#20863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/90846643ec6e97d447ae0d831fabe6d17b0a998a\"\u003e\u003ccode\u003e9084664\u003c/code\u003e\u003c/a\u003e docs: Update README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eslint/eslint/compare/v10.3.0...v10.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 30.4.1 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typescript-eslint` from 8.59.2 to 8.59.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003etypescript-eslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.3\u003c/h2\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md\"\u003etypescript-eslint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only for typescript-eslint to align it with other projects, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/48e13c0261e3cb1bf4f4dfaa462cdb3a56ef7383\"\u003e\u003ccode\u003e48e13c0\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/44f9625336841a8ee3eb01a9e02e49b1d7b12648\"\u003e\u003ccode\u003e44f9625\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest monorepo to v4.1.5 (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint/issues/12307\"\u003e#12307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/typescript-eslint\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 8.0.11 to 8.0.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.13\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.12...v8.0.13\"\u003e8.0.13\u003c/a\u003e (2026-05-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebundled-dev:\u003c/strong\u003e add lazy bundling support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21406\"\u003e#21406\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/4f0949f3f13e4b2b34d32bf7b2b4de5f26bea192\"\u003e4f0949f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e improve the esbuild plugin converter to pass some properties of build result to \u003ccode\u003eonEnd\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22357\"\u003e#22357\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/47071ce53f21726cf39e999c4407c4828ecbe957\"\u003e47071ce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate rolldown to 1.0.1 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22444\"\u003e#22444\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8c766a6c5ee014969c4e32f29cc265e8e2c96e18\"\u003e8c766a6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebuild:\u003c/strong\u003e copy public directory after building same environment with \u003ccode\u003ewrite=false\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22328\"\u003e#22328\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/158e8ae8efdf7075ab295727e36b5ff68da3243e\"\u003e158e8ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecss:\u003c/strong\u003e await sass/less/styl worker disposal on teardown (fix \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22274\"\u003e#22274\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22275\"\u003e#22275\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b7edcb7d0dd17ddfeef4ace78d610c099216dade\"\u003eb7edcb7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecss:\u003c/strong\u003e keep deprecated \u003ccode\u003ename\u003c/code\u003e/\u003ccode\u003eoriginalFileName\u003c/code\u003e in synthetic \u003ccode\u003eassetFileNames\u003c/code\u003e call (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22439\"\u003e#22439\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8e59c97a44d923c4c06f67287a793c9aa5a4ebaa\"\u003e8e59c97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eisBundled\u003c/code\u003e per environment (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22257\"\u003e#22257\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a5763266170f8606836da5c6f987b4b2fd6ddc55\"\u003ea576326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003essr:\u003c/strong\u003e avoid rewriting labels that collide with imports (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22451\"\u003e#22451\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d9b18e0387a253628d3d834288e79c5f7e85d566\"\u003ed9b18e0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove irrelevant commits from changelog (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22430\"\u003e#22430\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/6ea383859aaf0ef8e673b458f164e84aeb6ff51d\"\u003e6ea3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate changelog (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22413\"\u003e#22413\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fcdc87cc6799857e2bab0f44f333a681694fff74\"\u003efcdc87c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.11...v8.0.12\"\u003e8.0.12\u003c/a\u003e (2026-05-11)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate rolldown to 1.0.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22401\"\u003e#22401\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cf0ff4154b26cffbf18541ade1a50818842731d3\"\u003ecf0ff41\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22420\"\u003e#22420\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2be6000130e3ae2160acc301baa4f7913fbc1f6e\"\u003e2be6000\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emodule-runner:\u003c/strong\u003e prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22369\"\u003e#22369\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f5a22e62ada75286138b7ceb3825e43958ef00e1\"\u003ef5a22e6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefer to \u003ccode\u003erolldownOptions\u003c/code\u003e instead of deprecated \u003ccode\u003erollupOptions\u003c/code\u003e in messages (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22400\"\u003e#22400\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b675c7b6697423275ad9dd521d3ce7c8679761a0\"\u003eb675c7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eworker:\u003c/strong\u003e apply \u003ccode\u003ebuild.target\u003c/code\u003e to worker bundle (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22404\"\u003e#22404\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3c93fde21f07d44db7669ca7484f4e7a8767afe5\"\u003e3c93fde\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eworker:\u003c/strong\u003e forward define to worker bundle transform (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22408\"\u003e#22408\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d4838a0358d9f04a980d4d2ac7263f21a6b28ee2\"\u003ed4838a0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update dependency eslint-plugin-n to v18 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22423\"\u003e#22423\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2fe7bd2d73beb697a3d149e943ac74b768c9d27f\"\u003e2fe7bd2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22421\"\u003e#22421\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/66b9eb35188007e0e9a1bd03b4be820016cad60b\"\u003e66b9eb3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/a46f11a6c218f74b08ffb3e33a25c2ce02ba6643\"\u003e\u003ccode\u003ea46f11a\u003c/code\u003e\u003c/a\u003e release: v8.0.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/d9b18e0387a253628d3d834288e79c5f7e85d566\"\u003e\u003ccode\u003ed9b18e0\u003c/code\u003e\u003c/a\u003e fix(ssr): avoid rewriting labels that collide with imports (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/4f0949f3f13e4b2b34d32bf7b2b4de5f26bea192\"\u003e\u003ccode\u003e4f0949f\u003c/code\u003e\u003c/a\u003e feat(bundled-dev): add lazy bundling support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21406\"\u003e#21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/158e8ae8efdf7075ab295727e36b5ff68da3243e\"\u003e\u003ccode\u003e158e8ae\u003c/code\u003e\u003c/a\u003e fix(build): copy public directory after building same environment with `write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/47071ce53f21726cf39e999c4407c4828ecbe957\"\u003e\u003ccode\u003e47071ce\u003c/code\u003e\u003c/a\u003e feat(optimizer): improve the esbuild plugin converter to pass some properties...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8e59c97a44d923c4c06f67287a793c9aa5a4ebaa\"\u003e\u003ccode\u003e8e59c97\u003c/code\u003e\u003c/a\u003e fix(css): keep deprecated \u003ccode\u003ename\u003c/code\u003e/\u003ccode\u003eoriginalFileName\u003c/code\u003e in synthetic `assetFileNa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/a5763266170f8606836da5c6f987b4b2fd6ddc55\"\u003e\u003ccode\u003ea576326\u003c/code\u003e\u003c/a\u003e fix: make \u003ccode\u003eisBundled\u003c/code\u003e per environment (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22257\"\u003e#22257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8c766a6c5ee014969c4e32f29cc265e8e2c96e18\"\u003e\u003ccode\u003e8c766a6\u003c/code\u003e\u003c/a\u003e feat: update rolldown to 1.0.1 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22444\"\u003e#22444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/b7edcb7d0dd17ddfeef4ace78d610c099216dade\"\u003e\u003ccode\u003eb7edcb7\u003c/code\u003e\u003c/a\u003e fix(css): await sass/less/styl worker disposal on teardown (fix \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22274\"\u003e#22274\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22275\"\u003e#22275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fcdc87cc6799857e2bab0f44f333a681694fff74\"\u003e\u003ccode\u003efcdc87c\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22413\"\u003e#22413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v8.0.13/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@graphql-hive/render-laboratory` from 0.1.7 to 0.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/graphql-hive/console/releases\"\u003e@​graphql-hive/render-laboratory's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​graphql-hive/render-laboratory\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/graphql-hive/console/pull/8024\"\u003e#8024\u003c/a\u003e\n\u003ca href=\"https://github.com/graphql-hive/console/commit/0e3ce400706c625925161f8d59cc5691380cef07\"\u003e\u003ccode\u003e0e3ce40\u003c/code\u003e\u003c/a\u003e\nThanks \u003ca href=\"https://github.com/mskorokhodov\"\u003e\u003ccode\u003e@​mskorokhodov\u003c/code\u003e\u003c/a\u003e! - Hive laboratory introspection query to\ninclude active tab headers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies\n[\u003ca href=\"https://github.com/graphql-hive/console/commit/0e3ce400706c625925161f8d59cc5691380cef07\"\u003e\u003ccode\u003e0e3ce40\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​graphql-hive/laboratory\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.8\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/graphql-hive/console/commits/@graphql-hive/render-laboratory@0.1.8/packages/render-laboratory\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.20.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/websockets/ws/compare/8.20.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/common` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/4b6420b9a703f8608d86bcbff88d045511ce36d6\"\u003e\u003ccode\u003e4b6420b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/common/issues/16902\"\u003e#16902\u003c/a\u003e from QusaiAlbonni/fix/filetype-validator-buffer-mes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/33515ed0576ed47bf7c9fe1cba85cf5b9bfe52de\"\u003e\u003ccode\u003e33515ed\u003c/code\u003e\u003c/a\u003e fix(common): improve missing buffer error message in file type validator\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/9226a6f6134741976144b967585967f3823f755a\"\u003e\u003ccode\u003e9226a6f\u003c/code\u003e\u003c/a\u003e fix: Add missing validateEach for UsePipes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/1501bc0600fa88a9d0d5b03ec8105f00e582bb48\"\u003e\u003ccode\u003e1501bc0\u003c/code\u003e\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/common\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d48f21d4a9c29340b20411c459c3d4cc340596da\"\u003e\u003ccode\u003ed48f21d\u003c/code\u003e\u003c/a\u003e fix(core): settle skipped provider initialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/2e290c69c952e71a9fb8b6bef31e71d0307ce88b\"\u003e\u003ccode\u003e2e290c6\u003c/code\u003e\u003c/a\u003e fix(core): fix deeply nested transient providers resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/958ff952c00bd5a25efa04ffaafac28721af7827\"\u003e\u003ccode\u003e958ff95\u003c/code\u003e\u003c/a\u003e fix(core): Delay SSE response .end() until flush\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7c10646a0573ff0f30224ca3ca8b7803ed6c6bf6\"\u003e\u003ccode\u003e7c10646\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16753\"\u003e#16753\u003c/a\u003e from jkalberer/fix/sse-pipe-validation-error-status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/895fdf321e7089f0dcf24d73ce929e2f346c5bb3\"\u003e\u003ccode\u003e895fdf3\u003c/code\u003e\u003c/a\u003e fix(core): Use strict null check for SSE message id\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/457630a65f404ee9d96ed84f6083767ef4b8ef8c\"\u003e\u003ccode\u003e457630a\u003c/code\u003e\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/platform-express` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/platform-express's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5e33ecfad88db4d9af659f38de56cd55c5c8ed10\"\u003e\u003ccode\u003e5e33ecf\u003c/code\u003e\u003c/a\u003e feat: add MulterOptions and MulterField interfaces for express platform confi...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/platform-express\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/testing` from 11.1.19 to 11.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/testing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.21 (2026-05-14)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16948\"\u003e#16948\u003c/a\u003e fix(core): settle skipped provider initialization (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eSerge Yudin (\u003ca href=\"https://github.com/yudin-s\"\u003e\u003ccode\u003e@​yudin-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.20 (2026-05-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003etesting\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16939\"\u003e#16939\u003c/a\u003e fix(core): fix deeply nested transient providers resolution (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16861\"\u003e#16861\u003c/a\u003e fix(core): fix \u003ca href=\"https://github.com/Sse\"\u003e\u003ccode\u003e@​Sse\u003c/code\u003e\u003c/a\u003e losing events on complete (\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16753\"\u003e#16753\u003c/a\u003e fix(core): defer sse writehead until after lifecycle completes (\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16782\"\u003e#16782\u003c/a\u003e fix(core): use strict null check for SSE message id (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16850\"\u003e#16850\u003c/a\u003e fix(microservices): ServerRMQ crashes at boot when \u003ca href=\"https://github.com/MessagePattern\"\u003e\u003ccode\u003e@​MessagePattern\u003c/code\u003e\u003c/a\u003e(undefined) is combined with wildcards: true (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16845\"\u003e#16845\u003c/a\u003e fix(common): accept zero timestamp in parse date pipe (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-socket.io\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16742\"\u003e#16742\u003c/a\u003e fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (\u003ca href=\"https://github.com/fru1tworld\"\u003e\u003ccode\u003e@​fru1tworld\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16676\"\u003e#16676\u003c/a\u003e feat(microservices): add return buffers option for binary data (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16826\"\u003e#16826\u003c/a\u003e feat(microservices): handle rmq blocked/unblocked connection events (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16902\"\u003e#16902\u003c/a\u003e fix(common): filetype validator buffer message (\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-express\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16844\"\u003e#16844\u003c/a\u003e feat(platform-express): add defParamCharset to MulterOptions (\u003ca href=\"https://github.com/starnayuta\"\u003e\u003ccode\u003e@​starnayuta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16941\"\u003e#16941\u003c/a\u003e chore(deps): bump ws from 8.20.0 to 8.20.1 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 13\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAli Hassan (\u003ca href=\"https://github.com/thisalihassan\"\u003e\u003ccode\u003e@​thisalihassan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDmytro Khyzhniak (\u003ca href=\"https://github.com/lavieennoir\"\u003e\u003ccode\u003e@​lavieennoir\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHarsh Rathod (\u003ca href=\"https://github.com/harshrathod50\"\u003e\u003ccode\u003e@​harshrathod50\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIlyaCredo (\u003ca href=\"https://github.com/Forceres\"\u003e\u003ccode\u003e@​Forceres\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMysh3ll (\u003ca href=\"https://github.com/Mysh3ll\"\u003e\u003ccode\u003e@​Mysh3ll\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthiasBrehmer\"\u003e\u003ccode\u003e@​MatthiasBrehmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/QusaiAlbonni\"\u003e\u003ccode\u003e@​QusaiAlbonni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkalberer\"\u003e\u003ccode\u003e@​jkalberer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pazaderey\"\u003e\u003ccode\u003e@​pazaderey\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/983dd52c4927753be3421162fc43e4fde8d3fcde\"\u003e\u003ccode\u003e983dd52\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.21 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/a0b01390c1c5034f3bd899c277e62860079db8c0\"\u003e\u003ccode\u003ea0b0139\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda\"\u003e\u003ccode\u003e7caeb3f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.20 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/2e290c69c952e71a9fb8b6bef31e71d0307ce88b\"\u003e\u003ccode\u003e2e290c6\u003c/code\u003e\u003c/a\u003e fix(core): fix deeply nested transient providers resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f6a3c2f6701296df17068d5e9f5a849947e35633\"\u003e\u003ccode\u003ef6a3c2f\u003c/code\u003e\u003c/a\u003e fix(docs): update some old links in docs\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.21/packages/testing\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `file-type` from 22.0.0 to 22.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Work around esbuild resolving Node-only imports  ce4262f\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/3c4b7e049171753c2f733c09afaf3f7ec9e09b13\"\u003e\u003ccode\u003e3c4b7e0\u003c/code\u003e\u003c/a\u003e 22.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ce4262f69e2ed1d048162914a845fcb89cd80b01\"\u003e\u003ccode\u003ece4262f\u003c/code\u003e\u003c/a\u003e Fix: Work around esbuild resolving Node-only imports\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v22.0.0...v22.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nats-io/nats-core` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nats-io/nats.js/releases\"\u003e@​nats-io/nats-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eIn addition to fixes and general enhancements this release adds support for exciting nats-server 2.14 JetStream features.\u003c/p\u003e\n\u003cp\u003e[CORE]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: protocol integer parsing rejects non-sensical values (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/373\"\u003e#373\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eSymbol.asyncDispose\u003c/code\u003e on connections/subscriptions — \u003ccode\u003eusing\u003c/code\u003e auto-closes on scope exit (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/396\"\u003e#396\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: inboxes match go client \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;token\u0026gt;\u003c/code\u003e (was \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;nuid\u0026gt;\u003c/code\u003e); nuids now base62 see \u003ca href=\"https://github.com/nats-io/nuid.js\"\u003enuid.js\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/398\"\u003e#398\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003egetServers()\u003c/code\u003e/\u003ccode\u003esetServers()\u003c/code\u003e — clients can list known servers and switch clusters (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/400\"\u003e#400\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003ereconnectToServer\u003c/code\u003e connection option — pick next server and dial delay during reconnect (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/403\"\u003e#403\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[JETSTREAM]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFEAT: message schedules — messages fire on cron — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/381\"\u003e#381\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eresetConsumer()\u003c/code\u003e/\u003ccode\u003ereset()\u003c/code\u003e on \u003ccode\u003eJetStreamManager\u003c/code\u003e — reset durable consumer ack sequence; enables order consumers backed by durables — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/391\"\u003e#391\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: push consumers stuck on heartbeat (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/375\"\u003e#375\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eJetStreamAccountStats\u003c/code\u003e/\u003ccode\u003eJetStreamApiStats\u003c/code\u003e — add \u003ccode\u003ereserved_memory\u003c/code\u003e, \u003ccode\u003ereserved_storage\u003c/code\u003e, \u003ccode\u003einflight\u003c/code\u003e; \u003ccode\u003emax_bytes_required\u003c/code\u003e is boolean; tiers use dynamic record (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/376\"\u003e#376\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: fast ingest — exposed via \u003ca href=\"https://github.com/synadia-io/orbit.js/tree/main/fastingest\"\u003eorbit fastingest\u003c/a\u003e — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/379\"\u003e#379\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: configure stream mirror/source consumers — \u003ccode\u003eStreamSource.consumer\u003c/code\u003e, \u003ccode\u003eStreamConsumerSource\u003c/code\u003e, \u003ccode\u003eAckPolicy.FlowControl\u003c/code\u003e — \u003cstrong\u003erequires \u003ca href=\"https://github.com/nats-io/nats-server/releases/tag/v2.14.0\"\u003enats-server 2.14+\u003c/a\u003e\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/399\"\u003e#399\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[KV]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: KV \u003ccode\u003ecreate\u003c/code\u003e passes \u003ccode\u003emarkerTTL\u003c/code\u003e via \u003ccode\u003e_put\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/367\"\u003e#367\u003c/a\u003e) by \u003ca href=\"https://github.com/Bre77\"\u003e\u003ccode\u003e@​Bre77\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[OBJ]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFEAT: faster entry add via fast ingest (\u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e); native SHA-256 when available. Note that the fast ingest integration requires a hidden \u003ccode\u003eallowBatched: true\u003c/code\u003e to be specified as it is still experimental (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/394\"\u003e#394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/397\"\u003e#397\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[DOCS]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: esbuild build instructions (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/378\"\u003e#378\u003c/a\u003e) by \u003ca href=\"https://github.com/AntoninPOLY\"\u003e\u003ccode\u003e@​AntoninPOLY\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExamples: websocket usage in modern frameworks (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/392\"\u003e#392\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Bre77\"\u003e\u003ccode\u003e@​Bre77\u003c/code\u003e\u003c/a\u003e — first contribution in \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/367\"\u003e#367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Jarema\"\u003e\u003ccode\u003e@​Jarema\u003c/code\u003e\u003c/a\u003e — first contribution in \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/369\"\u003e#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AntoninPOLY\"\u003e\u003ccode\u003e@​AntoninPOLY\u003c/code\u003e\u003c/a\u003e — first contribution in \u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/378\"\u003e#378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nats-io/nats.js/compare/v3.3.1...v3.4.0\"\u003ehttps://github.com/nats-io/nats.js/compare/v3.3.1...v3.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.4.0-4\u003c/h2\u003e\n\u003cp\u003ecanary\u003c/p\u003e\n\u003ch2\u003ev3.4.0-4\u003c/h2\u003e\n\u003cp\u003ecanary\u003c/p\u003e\n\u003ch2\u003ev3.4.0-2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/95e76e79d9feaa0a0bf3b0e8da526ec5a3460979\"\u003e\u003ccode\u003e95e76e7\u003c/code\u003e\u003c/a\u003e bump version to 3.4.0 (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/c2b6333c5e6ff015d0de15b5f7459c2cc53420b2\"\u003e\u003ccode\u003ec2b6333\u003c/code\u003e\u003c/a\u003e canary (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/409\"\u003e#409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/644b711f4b8ef3a2bcdd8c96669245f50dc1240b\"\u003e\u003ccode\u003e644b711\u003c/code\u003e\u003c/a\u003e canary bumps (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/408\"\u003e#408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/949440d5ae25a8e7bbcdbed144a18333e74f0dbe\"\u003e\u003ccode\u003e949440d\u003c/code\u003e\u003c/a\u003e updated badges (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/407\"\u003e#407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/f92bb8b42e1d788fc3a0c6af3054e5a454f71fcd\"\u003e\u003ccode\u003ef92bb8b\u003c/code\u003e\u003c/a\u003e simplify type for FastIngestOptions inline type (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/406\"\u003e#406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/4fca0055dc2bf01ebabe3639d12605a66741c30d\"\u003e\u003ccode\u003e4fca005\u003c/code\u003e\u003c/a\u003e fix for slow type in JSR (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/994da46836e84c5e237b624ba4cb9ec81070aa3c\"\u003e\u003ccode\u003e994da46\u003c/code\u003e\u003c/a\u003e expose reconnectToServer (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/95b612b584d9b023a6432363eaf1a2b4f08df47d\"\u003e\u003ccode\u003e95b612b\u003c/code\u003e\u003c/a\u003e bump versions (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/402\"\u003e#402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/543c640519cc6e342e9d032e3ee48bae60a06843\"\u003e\u003ccode\u003e543c640\u003c/code\u003e\u003c/a\u003e internal test util not part of the distribution (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/401\"\u003e#401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nats-io/nats.js/commit/2c2ad5de340dba609c8fc605f1701f1afff7b856\"\u003e\u003ccode\u003e2c2ad5d\u003c/code\u003e\u003c/a\u003e feat(core): setServers/getServers (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/400\"\u003e#400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nats-io/nats.js/compare/v3.3.1...v3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nats-io/transport-node` from 3.3.1 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nats-io/nats.js/releases\"\u003e@​nats-io/transport-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eIn addition to fixes and general enhancements this release adds support for exciting nats-server 2.14 JetStream features.\u003c/p\u003e\n\u003cp\u003e[CORE]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFIX: protocol integer parsing rejects non-sensical values (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/373\"\u003e#373\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eSymbol.asyncDispose\u003c/code\u003e on connections/subscriptions — \u003ccode\u003eusing\u003c/code\u003e auto-closes on scope exit (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/396\"\u003e#396\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: inboxes match go client \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;token\u0026gt;\u003c/code\u003e (was \u003ccode\u003e_INBOX.\u0026lt;nuid\u0026gt;.\u0026lt;nuid\u0026gt;\u003c/code\u003e); nuids now base62 see \u003ca href=\"https://github.com/nats-io/nuid.js\"\u003enuid.js\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/398\"\u003e#398\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003egetServers()\u003c/code\u003e/\u003ccode\u003esetServers()\u003c/code\u003e — clients can list known servers and switch clusters (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/400\"\u003e#400\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003ereconnectToServer\u003c/code\u003e connection option — pick next server and dial delay during reconnect (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/403\"\u003e#403\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[JETSTREAM]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFEAT: message schedules — messages fire on cron — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/381\"\u003e#381\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFEAT: \u003ccode\u003eresetConsumer()\u003c/code\u003e/\u003ccode\u003ereset()\u003c/code\u003e on \u003ccode\u003eJetStreamManager\u003c/code\u003e — reset durable consumer ack sequence; enables order consumers backed by durables — \u003cstrong\u003erequires nats-server 2.14+\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/391\"\u003e#391\u003c/a\u003e) by \u003ca href=\"https://github.com/aricart\"\u003e\u003ccode\u003e@​aricart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFIX: push consumers stuck on heartbeat (\u003ca href=\"https://redirect.github.com/nats-io/nats.js/issues/375\"\u003e#375\u003c/a\u003e) by \u003ca href=\"https://github.com/ari...\n\n_Description has been truncated_","html_url":"https://github.com/graphql-hive/gateway/pull/2370","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql-hive%2Fgateway/issues/2370","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2370/packages"}},{"old_version":"20.5.0","new_version":"21.1.0","update_type":"major","path":null,"pr_created_at":"2026-05-18T18:48:09.000Z","version_change":"20.5.0 → 21.1.0","issue":{"uuid":"4471700212","node_id":"PR_kwDOPeUieM7cx8Gd","number":165,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T05:50:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T18:48:09.000Z","updated_at":"2026-05-24T05:50:19.000Z","time_to_close":471729,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"file-type","old_version":"20.5.0","new_version":"21.1.0","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"uuid","old_version":"10.0.0","new_version":"13.0.2","repository_url":"https://github.com/uuidjs/uuid"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /book-talk-ts directory: [file-type](https://github.com/sindresorhus/file-type), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `file-type` from 20.5.0 to 21.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)  eda03a7\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry (.reg) files   0db61ec 7d2ddcf\u003c/li\u003e\n\u003cli\u003eAdd support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)  f8d62be\u003c/li\u003e\n\u003cli\u003eFix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)  7ad3a90\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.0.0...v21.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.0.0\u003c/h2\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Node.js 20  24aec1f\u003c/li\u003e\n\u003cli\u003eDrop Adobe Illustrator (.ai) detection support (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/743\"\u003e#743\u003c/a\u003e)  af169f3\u003c/li\u003e\n\u003cli\u003eCorrect Matroska (video) MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/753\"\u003e#753\u003c/a\u003e)  f53f5ff\u003c/li\u003e\n\u003cli\u003eCorrect FLAC MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/755\"\u003e#755\u003c/a\u003e)  b9fda36\u003c/li\u003e\n\u003cli\u003eCorrect Apache Parquet MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/748\"\u003e#748\u003c/a\u003e)  98e3f8e\u003c/li\u003e\n\u003cli\u003eCorrect Apache Arrow MIME-type to formal IANA registration (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/754\"\u003e#754\u003c/a\u003e)  7184775\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow options to be directly passed to exported functions (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/752\"\u003e#752\u003c/a\u003e)  d264029\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003empegOffsetTolerance\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/646\"\u003e#646\u003c/a\u003e)  c40840a\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix detection of some PAX TAR formats (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/762\"\u003e#762\u003c/a\u003e)  574d0d6\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v20.5.0...v21.0.0\"\u003ehttps://github.com/sindresorhus/file-type/compare/v20.5.0...v21.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ae8afc868bd458504d71717639fdb42c5f8c2266\"\u003e\u003ccode\u003eae8afc8\u003c/code\u003e\u003c/a\u003e 21.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7ad3a90a3e946f0f55d84d639e89f0025ea702ad\"\u003e\u003ccode\u003e7ad3a90\u003c/code\u003e\u003c/a\u003e Fix: Handle partial unzip (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/773\"\u003e#773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/1511507734b1bf39f8b8b5f293f6c86148991b5e\"\u003e\u003ccode\u003e1511507\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003e@file-type/av\u003c/code\u003e third-party file-type detectors (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/772\"\u003e#772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/b461a210a4ef994194836fcaabd29ecc86d75931\"\u003e\u003ccode\u003eb461a21\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003estrtok3.parseBlob\u003c/code\u003e for improved Blob handling (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/771\"\u003e#771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/f8d62bedcd92edba5597a8e041debb782e78332c\"\u003e\u003ccode\u003ef8d62be\u003c/code\u003e\u003c/a\u003e Add support for Windows registry hive file (\u003ccode\u003e.dat\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/767\"\u003e#767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/0db61ecbbbfb6fc67cf5ee6c6b7cc244a19b82b9\"\u003e\u003ccode\u003e0db61ec\u003c/code\u003e\u003c/a\u003e Add support for Windows \u0026lt; 2000 registry (.reg) files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/766\"\u003e#766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/7d2ddcfcb26d5c3bf91d29bf11cedc6e42ac422f\"\u003e\u003ccode\u003e7d2ddcf\u003c/code\u003e\u003c/a\u003e Add support for Windows ≥ 2000 registry (\u003ccode\u003e.reg\u003c/code\u003e) files (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/765\"\u003e#765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/1a9b1bbc027ae093c5b3d07e431b7702768a087b\"\u003e\u003ccode\u003e1a9b1bb\u003c/code\u003e\u003c/a\u003e Internal: Add UTF-16 (BE and LE) string compare (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/eda03a7b0554e93f6902588d2c6cc11af62b7859\"\u003e\u003ccode\u003eeda03a7\u003c/code\u003e\u003c/a\u003e Add detector for \u003ccode\u003e.tar.gz\u003c/code\u003e (gunzipped tarball file) (\u003ca href=\"https://redirect.github.com/sindresorhus/file-type/issues/763\"\u003e#763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/c54c7444ba5445a360cc40787fd1f26bb2765cec\"\u003e\u003ccode\u003ec54c744\u003c/code\u003e\u003c/a\u003e 21.0.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v20.5.0...v21.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 10.0.0 to 13.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d61d6ac1f782cf6b1dd8661c60f11722cd49a0d\"\u003e3d61d6a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/v13.0.2/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/bd349769499885c496399900d6788afabf6f142a\"\u003e\u003ccode\u003ebd34976\u003c/code\u003e\u003c/a\u003e chore(13.x): release 13.0.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/953\"\u003e#953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e\u003ccode\u003e49ccb35\u003c/code\u003e\u003c/a\u003e fix: rerelease to fix provenance.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/fc3a84d2443a2aad3c54a8c829375d0d71939ff0\"\u003e\u003ccode\u003efc3a84d\u003c/code\u003e\u003c/a\u003e chore: update workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f01d6dd2bee5a10be626bea171bf86def7c554b4\"\u003e\u003ccode\u003ef01d6dd\u003c/code\u003e\u003c/a\u003e chore: fix workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0643802db81cece7ee445f5147529d7a77394630\"\u003e\u003ccode\u003e0643802\u003c/code\u003e\u003c/a\u003e Merge branch '13.x' of github.com:uuidjs/uuid into 13.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e52c9ceac2c0caab66389f6a7b04b321ae39ac83\"\u003e\u003ccode\u003ee52c9ce\u003c/code\u003e\u003c/a\u003e chore: fix workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e5424b6daa6977ab6cc9b21e7ef5556dc6b94ab3\"\u003e\u003ccode\u003ee5424b6\u003c/code\u003e\u003c/a\u003e chore(13.x): release 13.0.1 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/943\"\u003e#943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/04f488b2f16786865036f990fec4c438ce1c1507\"\u003e\u003ccode\u003e04f488b\u003c/code\u003e\u003c/a\u003e workflow: update release-please workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e\u003ccode\u003e9d27ddf\u003c/code\u003e\u003c/a\u003e fix: backport fix for GHSA-w5hq-g745-h8pq\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/24c123841fdd1cd66edf11cb4b9b49c9c0e1fc12\"\u003e\u003ccode\u003e24c1238\u003c/code\u003e\u003c/a\u003e chore(main): release 13.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/902\"\u003e#902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v10.0.0...v13.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hjch0211/book-talk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/hjch0211/book-talk/pull/165","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjch0211%2Fbook-talk/issues/165","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/165/packages"}},{"old_version":"21.3.0","new_version":"21.3.2","update_type":"patch","path":null,"pr_created_at":"2026-05-17T16:17:30.000Z","version_change":"21.3.0 → 21.3.2","issue":{"uuid":"4464106350","node_id":"PR_kwDORPf6cM7cZt7x","number":53,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript","app: web-ui","channel: zalo","channel: matrix","extensions: diagnostics-otel"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T17:30:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T16:17:30.000Z","updated_at":"2026-05-19T17:30:07.000Z","time_to_close":177155,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"file-type","old_version":"21.3.0","new_version":"21.3.2","repository_url":"https://github.com/sindresorhus/file-type"},{"name":"hono","old_version":"4.12.7","new_version":"4.12.18","repository_url":"https://github.com/honojs/hono"},{"name":"undici","old_version":"7.21.0","new_version":"7.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"dompurify","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"vite","old_version":"5.4.21","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"music-metadata","old_version":"11.11.2","new_version":"11.12.3","repository_url":"https://github.com/Borewit/music-metadata"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"8.3.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"sanitize-html","old_version":"2.17.0","new_version":"2.17.4","repository_url":"https://github.com/apostrophecms/apostrophe"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.2` |\n| [hono](https://github.com/honojs/hono) | `4.12.7` | `4.12.18` |\n| [undici](https://github.com/nodejs/undici) | `7.21.0` | `7.24.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.2` | `3.4.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `6.4.2` |\n| [music-metadata](https://github.com/Borewit/music-metadata) | `11.11.2` | `11.12.3` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `8.3.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.0` | `2.17.4` |\n\nBumps the npm_and_yarn group with 1 update in the /extensions/zalo directory: [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 2 updates in the /ui directory: [dompurify](https://github.com/cure53/DOMPurify) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\n\nUpdates `file-type` from 21.3.0 to 21.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/file-type/releases\"\u003efile-type's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev21.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)  a155cd7\u003c/li\u003e\n\u003cli\u003eFix bound recursive BOM and ID3 detection  370ed91\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev21.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop in ASF parser on malformed input (\u003ca href=\"https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\"\u003ehttps://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473\u003c/a\u003e)  319abf8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\"\u003ehttps://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/e18028c3cc19441477c3459991fee9770d88c218\"\u003e\u003ccode\u003ee18028c\u003c/code\u003e\u003c/a\u003e 21.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a155cd71323279de173c54e8c530d300d3854fdd\"\u003e\u003ccode\u003ea155cd7\u003c/code\u003e\u003c/a\u003e Fix ZIP bomb in known-size ZIP probing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/69548179cca2c0ab6a0cc93af59392f8c351cab1\"\u003e\u003ccode\u003e6954817\u003c/code\u003e\u003c/a\u003e Harden parser more\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/370ed9185d112eea4d989fecb843597b1d94cf09\"\u003e\u003ccode\u003e370ed91\u003c/code\u003e\u003c/a\u003e Fix bound recursive BOM and ID3 detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/d2ecea187c47b944a9c001ae7637f02baed0825a\"\u003e\u003ccode\u003ed2ecea1\u003c/code\u003e\u003c/a\u003e Add a few more safeguards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/41fcff5de64cfb53da6b2b9c048ebea8213f32c2\"\u003e\u003ccode\u003e41fcff5\u003c/code\u003e\u003c/a\u003e Update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/a8f6934ddd93c3e12cc4ecb0cfc3e8d816d4b9fd\"\u003e\u003ccode\u003ea8f6934\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/ad5857e5384874e853cc9c4c29b867f1135a7c30\"\u003e\u003ccode\u003ead5857e\u003c/code\u003e\u003c/a\u003e 21.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/5d2fedf104dc5067b51a1f31410aa60052c74f64\"\u003e\u003ccode\u003e5d2fedf\u003c/code\u003e\u003c/a\u003e Harden parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f\"\u003e\u003ccode\u003e319abf8\u003c/code\u003e\u003c/a\u003e Fix infinite loop in ASF parser on malformed input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.7 to 4.12.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.18\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eCache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage\u003c/h3\u003e\n\u003cp\u003eAffects: Cache Middleware. Fixes missing cache-skip handling for \u003ccode\u003eVary: Authorization\u003c/code\u003e and \u003ccode\u003eVary: Cookie\u003c/code\u003e, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm\u003c/p\u003e\n\u003ch3\u003eCSS Declaration Injection via Style Object Values in JSX SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes a missing CSS-context escape for \u003ccode\u003estyle\u003c/code\u003e object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p\u003c/p\u003e\n\u003ch3\u003eImproper validation of NumericDate claims (exp, nbf, iat) in JWT verify()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/utils/jwt\u003c/code\u003e. Fixes improper validation of \u003ccode\u003eexp\u003c/code\u003e, \u003ccode\u003enbf\u003c/code\u003e, and \u003ccode\u003eiat\u003c/code\u003e claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jsx): normalize SVG attributes on the \u003c!-- raw HTML omitted --\u003e root element by \u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e by \u003ca href=\"https://github.com/yuintei\"\u003e\u003ccode\u003e@​yuintei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4899\"\u003ehonojs/hono#4899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cors): make origin optional in CORSOptions by \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): propagate middleware response types to app.on overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4906\"\u003ehonojs/hono#4906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.17\"\u003ehttps://github.com/honojs/hono/compare/v4.12.16...v4.12.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.16\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eUnvalidated JSX Tag Names in hono/jsx May Allow HTML Injection\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX tag names when using \u003ccode\u003ejsx()\u003c/code\u003e or \u003ccode\u003ecreateElement()\u003c/code\u003e, which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432\u003c/p\u003e\n\u003ch3\u003ebodyLimit() can be bypassed for chunked / unknown-length requests\u003c/h3\u003e\n\u003cp\u003eAffects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v\u003c/p\u003e\n\u003ch2\u003ev4.12.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jwt): support single-line PEM keys by \u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f10dee89ced5956b73c1cdc416d6bc0fd54d63b7\"\u003e\u003ccode\u003ef10dee8\u003c/code\u003e\u003c/a\u003e 4.12.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a5bd9ebead279ed9d0239ecbd854f629edfc0e57\"\u003e\u003ccode\u003ea5bd9eb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/58d3d3ad5656e007ed99da1b73865975952de5e9\"\u003e\u003ccode\u003e58d3d3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/568c2ecc1dd556894fad4dfa4a7ba499db6dba9c\"\u003e\u003ccode\u003e568c2ec\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/ff2b3d31df1be35f7d597a95dd3369402b6e87f2\"\u003e\u003ccode\u003eff2b3d3\u003c/code\u003e\u003c/a\u003e 4.12.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/52aaaf9714b06303ce5caa655b1d80675be687e9\"\u003e\u003ccode\u003e52aaaf9\u003c/code\u003e\u003c/a\u003e fix(types): propagate middleware response types to app.on overloads (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4906\"\u003e#4906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/76d5589e9b0569f4e74ec37e8dd6979455f70dfa\"\u003e\u003ccode\u003e76d5589\u003c/code\u003e\u003c/a\u003e fix(cors): make origin optional in CORSOptions (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4905\"\u003e#4905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/8f027e5574e91e3c7f263a728656e3888559e51a\"\u003e\u003ccode\u003e8f027e5\u003c/code\u003e\u003c/a\u003e fix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4899\"\u003e#4899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bfba97ca7ea3d4541a3419f1749e5a1a3e8f1727\"\u003e\u003ccode\u003ebfba97c\u003c/code\u003e\u003c/a\u003e fix(jsx): normalize SVG attributes on the \u0026lt;svg\u0026gt; root element (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4893\"\u003e#4893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/90d4182aabd328e2ec6af3f25ec62ddc574ad8cb\"\u003e\u003ccode\u003e90d4182\u003c/code\u003e\u003c/a\u003e 4.12.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.7...v4.12.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.21.0 to 7.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2581: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2581\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2581\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536\"\u003e\u003ccode\u003ecb79c57\u003c/code\u003e\u003c/a\u003e fix: validate server_max_window_bits range in permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2\"\u003e\u003ccode\u003e4147ce2\u003c/code\u003e\u003c/a\u003e Merge commit '2ee00cb3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d\"\u003e\u003ccode\u003e2ee00cb\u003c/code\u003e\u003c/a\u003e fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4\"\u003e\u003ccode\u003e5890c7b\u003c/code\u003e\u003c/a\u003e fix(deduplicate): stream response chunks to waiting handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/fbda3c166860772dd80b2577175617d9dddcdb81\"\u003e\u003ccode\u003efbda3c1\u003c/code\u003e\u003c/a\u003e Bumped v7.23.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07276c90545bd66b075a7002875fcfa7f8d9fd04\"\u003e\u003ccode\u003e07276c9\u003c/code\u003e\u003c/a\u003e fix: remove unused kSocketPath symbol\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.21.0...v7.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.21 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `music-metadata` from 11.11.2 to 11.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Borewit/music-metadata/releases\"\u003emusic-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.12.3\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TypeScript decleration inclusion \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2608\"\u003e#2608\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.3\"\u003emusic-metadata@11.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.2\u003c/h2\u003e\n\u003cp\u003e⚠️ This release is missing TypeScript declarations, use \u003ca href=\"https://github.com/Borewit/music-metadata/releases/tag/v11.12.3\"\u003ev11.12.3\u003c/a\u003e instead.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Fix CWE-85 by avoiding infinite loop in ASF \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2605\"\u003e#2605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMap \u003ccode\u003e.wma\u003c/code\u003e and \u003ccode\u003e.wmv.\u003c/code\u003e extension to \u003ccode\u003eAsfParser\u003c/code\u003e \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2601\"\u003e#2601\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2602\"\u003e#2602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.2\"\u003emusic-metadata@11.12.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix miscalculation Ogg/Vorbis, duration miscalculation \u003ca href=\"https://github.com/Borewit\"\u003e\u003ccode\u003e@​Borewit\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2583\"\u003e#2583\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.1\"\u003emusic-metadata@11.12.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003ch2\u003e🚀 Enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Add support for multiple albumartists \u003ca href=\"https://github.com/ma225tq\"\u003e\u003ccode\u003e@​ma225tq\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/Borewit/music-metadata/issues/2577\"\u003e#2577\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 NPM release\u003c/h2\u003e\n\u003cp\u003eNPM release: \u003ca href=\"https://www.npmjs.com/package/music-metadata/v/11.12.0\"\u003emusic-metadata@11.12.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/894a9e83668aedd85a430f3a5ef4e025e107645d\"\u003e\u003ccode\u003e894a9e8\u003c/code\u003e\u003c/a\u003e 11.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2beb45c9abe05d3ba676ccc024c00ffe6e5a0ada\"\u003e\u003ccode\u003e2beb45c\u003c/code\u003e\u003c/a\u003e Fix TypeScript decleration inclusion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7f13e8ea7d15647803c76ac5b1f291b4f69eb9f1\"\u003e\u003ccode\u003e7f13e8e\u003c/code\u003e\u003c/a\u003e 11.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/7e5be088fd2ab7490aef73119477e5fdf156354c\"\u003e\u003ccode\u003e7e5be08\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@biomejs/biome\u003c/code\u003e to 2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/318e963e21734bc03b4c7811facb23f900f9a378\"\u003e\u003ccode\u003e318e963\u003c/code\u003e\u003c/a\u003e Fix CWE-85 by avoiding infinite loop in ASF\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/5b7e69c82e0fd888497678f6b882d48969017450\"\u003e\u003ccode\u003e5b7e69c\u003c/code\u003e\u003c/a\u003e Simplify \u003ccode\u003etsconfig.prod.json\u003c/code\u003e by removing unused options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/1ffe9bf0ceb3de2d2c55d49b062c54db2c92cf48\"\u003e\u003ccode\u003e1ffe9bf\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/20f468363cecb09c2c89c50adaeb2a9130eb6c87\"\u003e\u003ccode\u003e20f4683\u003c/code\u003e\u003c/a\u003e Bump c8 from 10.1.3 to 11.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/cfcf152326b1e3751de1d99396701111dd9d2eb1\"\u003e\u003ccode\u003ecfcf152\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​borewit/text-codec\u003c/code\u003e from 0.2.1 to 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Borewit/music-metadata/commit/2e4e40cdf13ba3ecea67ce84fa29135d0af981ab\"\u003e\u003ccode\u003e2e4e40c\u003c/code\u003e\u003c/a\u003e Bump minimatch from 9.0.5 to 9.0.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Borewit/music-metadata/compare/v11.11.2...v11.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.211.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.211.0...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092...\n\n_Description has been truncated_","html_url":"https://github.com/NJX-njx/opensoul/pull/53","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NJX-njx%2Fopensoul/issues/53","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/53/packages"}}]}