{"id":33590,"name":"joi","ecosystem":"npm","repository_url":"https://github.com/hapijs/joi","issues_count":452,"created_at":"2025-06-07T13:29:06.997Z","updated_at":"2025-06-07T13:29:06.997Z","purl":"pkg:npm/joi","metadata":{"id":1897172,"name":"joi","ecosystem":"npm","description":"Object schema validation","homepage":"https://github.com/hapijs/joi#readme","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/hapijs/joi","keywords_array":["schema","validation"],"namespace":null,"versions_count":238,"first_release_published_at":"2012-09-16T16:47:26.219Z","latest_release_published_at":"2024-06-19T15:18:03.219Z","latest_release_number":"17.13.3","last_synced_at":"2025-06-06T05:32:16.052Z","created_at":"2022-04-09T18:03:10.689Z","updated_at":"2025-06-06T05:34:43.191Z","registry_url":"https://www.npmjs.com/package/joi","install_command":"npm install joi","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"node-0.x":"6.10.1","9-beta":"9.0.0-9","v12-legacy":"12.1.1","latest":"17.13.3"}},"repo_metadata":{"id":4684322,"uuid":"5830987","full_name":"hapijs/joi","owner":"hapijs","description":"The most powerful data validation library for JS","archived":false,"fork":false,"pushed_at":"2025-05-14T13:45:37.000Z","size":10223,"stargazers_count":21106,"open_issues_count":190,"forks_count":1519,"subscribers_count":175,"default_branch":"master","last_synced_at":"2025-06-03T18:45:30.818Z","etag":null,"topics":["hapi","javascript","schema","validation"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hapijs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2012-09-16T16:38:06.000Z","updated_at":"2025-06-03T10:29:44.000Z","dependencies_parsed_at":"2023-07-12T13:16:38.865Z","dependency_job_id":"68f4cb7a-17f9-410a-8276-28287e0593e5","html_url":"https://github.com/hapijs/joi","commit_stats":{"total_commits":1973,"total_committers":261,"mean_commits":7.559386973180077,"dds":0.7435377597567157,"last_synced_commit":"239ec335a19879f053439e778f0d1b9f57e3d351"},"previous_names":["sideway/joi"],"tags_count":270,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hapijs","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257865819,"owners_count":22615610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"hapijs","name":"hapi.js","uuid":"3774533","kind":"organization","description":"The Simple, Secure Framework Developers Trust","email":null,"website":"https://hapi.dev","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/3774533?v=4","repositories_count":75,"last_synced_at":"2025-05-31T14:30:20.554Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/hapijs","funding_links":[],"total_stars":46983,"followers":164,"following":0,"created_at":"2022-11-02T16:20:46.028Z","updated_at":"2025-05-31T14:30:20.555Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hapijs","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hapijs/repositories"},"tags":[{"name":"v17.13.3","sha":"3cb73d6cded39fa49a46069b64d638a0ba0f7d14","kind":"tag","published_at":"2024-06-19T15:17:37.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.13.3","html_url":"https://github.com/hapijs/joi/releases/tag/v17.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.3/manifests"},{"name":"v17.13.2","sha":"7373136d149be0cc727096325f22f748d22aef46","kind":"tag","published_at":"2024-06-19T09:20:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.13.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.2/manifests"},{"name":"v17.13.1","sha":"0066a4ef16706b722b81818a8608aea1129f4cc7","kind":"tag","published_at":"2024-05-02T06:54:12.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.13.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.1/manifests"},{"name":"v17.13.0","sha":"f02df4c011253d3573be19261a45c6765157d054","kind":"tag","published_at":"2024-04-23T08:28:11.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.13.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.13.0/manifests"},{"name":"v17.12.3","sha":"554a437a5569015479887f69033bcd1357fb55d6","kind":"tag","published_at":"2024-04-03T09:41:27.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.12.3","html_url":"https://github.com/hapijs/joi/releases/tag/v17.12.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.3/manifests"},{"name":"v17.12.2","sha":"d279aa059f0cb1a495a4bfab17e2e84b456b9654","kind":"tag","published_at":"2024-02-21T18:38:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.12.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.12.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.2/manifests"},{"name":"v17.12.1","sha":"48f6f549ccf851491ceb4aaa1c64e9d27c5ebe54","kind":"tag","published_at":"2024-01-29T13:19:58.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.12.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.1/manifests"},{"name":"v17.12.0","sha":"e7687b1ea526f7ed1e8c0b56e90b2c08f827d264","kind":"tag","published_at":"2024-01-17T23:43:04.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.12.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.12.0/manifests"},{"name":"v17.11.1","sha":"fb5926c3ce5f649bf6f50474f9cbf3a4dfcc7564","kind":"tag","published_at":"2024-01-15T12:56:23.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.11.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.11.1/manifests"},{"name":"v12.1.1","sha":"91cadfdc9b908ae83d1be7854cea54e6e49906fc","kind":"tag","published_at":"2024-01-01T12:55:51.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v12.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v12.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v12.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v12.1.1/manifests"},{"name":"v17.11.0","sha":"aed09200bd4ef810146699c11ac01eade15c3a41","kind":"tag","published_at":"2023-10-04T14:24:49.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.11.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.11.0/manifests"},{"name":"v17.10.2","sha":"01bff41a98e2e17a743528578438c8ee2791d166","kind":"tag","published_at":"2023-09-17T15:52:00.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.10.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.10.2/manifests"},{"name":"v17.10.1","sha":"89d7d51fec2130f1a34e61e4715cd5d6c21e77bb","kind":"tag","published_at":"2023-08-31T15:48:31.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.10.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.10.1/manifests"},{"name":"v17.10.0","sha":"b655785ea118109f78162a4634a4a0c2379f507c","kind":"tag","published_at":"2023-08-27T17:01:04.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.10.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.10.0/manifests"},{"name":"v17.9.2","sha":"c19ae3d42284bdb717be24ba7b4c6d85205f9070","kind":"tag","published_at":"2023-04-24T20:44:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.9.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.9.2/manifests"},{"name":"v17.9.1","sha":"cc11f8dcdd80dff31890427dd25317e72e8dc46e","kind":"tag","published_at":"2023-03-21T08:09:10.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.9.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.9.1/manifests"},{"name":"v17.9.0","sha":"0fdab3a7cdabca2faf90a9e6e48466b819e9d9e4","kind":"tag","published_at":"2023-03-20T08:04:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.9.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.9.0/manifests"},{"name":"v17.8.4","sha":"c191b990136fa0e369fdf9a9a0d3284271dc3be5","kind":"tag","published_at":"2023-03-14T06:20:43.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.8.4","html_url":"https://github.com/hapijs/joi/releases/tag/v17.8.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.4/manifests"},{"name":"v17.8.3","sha":"ff3e5fc2442f66e5d3bc896728f2e8355da87998","kind":"tag","published_at":"2023-02-21T09:03:34.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.8.3","html_url":"https://github.com/hapijs/joi/releases/tag/v17.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.3/manifests"},{"name":"v17.8.2","sha":"04751f1a5861d334486a25034e748ab2aa84f773","kind":"tag","published_at":"2023-02-21T07:43:41.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.8.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.2/manifests"},{"name":"v17.8.1","sha":"cc88b68fbcfc4daf0879fa352ed9a26b509a2c31","kind":"tag","published_at":"2023-02-19T12:34:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.8.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.1/manifests"},{"name":"v17.8.0","sha":"79a2af417d7b5a0a1ddcea721b20ad5ffce86fc7","kind":"tag","published_at":"2023-02-19T11:47:33.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.8.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.8.0/manifests"},{"name":"v17.7.1","sha":"8fc72733bdd6b1743810a361e739bd43f2f1f0c4","kind":"tag","published_at":"2023-02-10T07:03:43.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.7.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.7.1/manifests"},{"name":"v17.7.0","sha":"b23659d9f57ad420a5c9a2cf399bd5e01d1f6501","kind":"tag","published_at":"2022-11-01T09:58:42.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.7.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.7.0/manifests"},{"name":"v17.6.4","sha":"09c29f727e38398d7cbc98600c1b28c9fe6b9521","kind":"tag","published_at":"2022-10-22T10:07:35.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.6.4","html_url":"https://github.com/hapijs/joi/releases/tag/v17.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.4/manifests"},{"name":"v17.6.3","sha":"a34d3227b7282592cd159ae57044882f25371bda","kind":"tag","published_at":"2022-10-11T10:02:42.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.6.3","html_url":"https://github.com/hapijs/joi/releases/tag/v17.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.3/manifests"},{"name":"v17.6.2","sha":"f41d429aa71040d86c5e6dbe0670d2fd3b2354f8","kind":"tag","published_at":"2022-09-29T16:06:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.6.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.2/manifests"},{"name":"v17.6.1","sha":"d7afcd567bab64a79a4d38332c5b169c5f0e3bf6","kind":"tag","published_at":"2022-09-22T11:51:34.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.6.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.1/manifests"},{"name":"v17.6.0","sha":"95feacc295bc1d72412c128c76f8b1c989576c1e","kind":"tag","published_at":"2022-01-26T23:06:54.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.6.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.6.0/manifests"},{"name":"v17.5.0","sha":"2cde8a3656498753b42ec22d1bf7f871959488a3","kind":"tag","published_at":"2021-12-02T06:39:03.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.5.0/manifests"},{"name":"v17.4.3","sha":"753f0d3657debf654d4aa42e656d6c09f456ea69","kind":"tag","published_at":"2021-12-01T08:48:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.4.3","html_url":"https://github.com/hapijs/joi/releases/tag/v17.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.3/manifests"},{"name":"v17.4.2","sha":"66065372198ddd3ac20df3ba960caba8f6e70522","kind":"tag","published_at":"2021-08-01T21:17:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.4.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.2/manifests"},{"name":"v17.4.1","sha":"5f33cb61d3b29419e0724088cc87c0158fde9e51","kind":"tag","published_at":"2021-07-11T05:03:30.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.4.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.1/manifests"},{"name":"v17.4.0","sha":"24600f27ce4061327817c8910415649a004f94ab","kind":"tag","published_at":"2021-02-08T01:05:43.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.4.0/manifests"},{"name":"v17.3.0","sha":"93aa1641e2851a0a1aa03d604b1c9b19f7f4cd61","kind":"tag","published_at":"2020-10-24T07:26:28.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.3.0/manifests"},{"name":"v17.2.1","sha":"f309431e17bce06c3d4e2ace35ed35cbabd01799","kind":"tag","published_at":"2020-08-19T16:57:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.2.1/manifests"},{"name":"v17.2.0","sha":"755f14b51a627f760525ac47ff21eb541116eb83","kind":"tag","published_at":"2020-08-05T02:01:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.2.0/manifests"},{"name":"v17.1.1","sha":"b3833c45d68cf8efa09d74aadedd670d8958cd99","kind":"tag","published_at":"2020-03-14T00:03:26.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.1.1/manifests"},{"name":"v17.1.0","sha":"48a30066c58793b682bb7f26218b92b719ad26e5","kind":"tag","published_at":"2020-01-20T00:00:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.1.0/manifests"},{"name":"v17.0.2","sha":"8d72facd6722b13a5717eefbf5e239c9ec453bb5","kind":"tag","published_at":"2020-01-09T18:47:13.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v17.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.0.2/manifests"},{"name":"v17.0.1","sha":"a7102c60ad1cecba70c60c477169b2f1204e67d4","kind":"tag","published_at":"2020-01-09T18:35:27.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v17.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.0.1/manifests"},{"name":"v17.0.0","sha":"86636f35e81c1e8f29458151c729bcf491f42578","kind":"tag","published_at":"2020-01-04T09:15:25.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v17.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v17.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v17.0.0/manifests"},{"name":"v16.1.8","sha":"810db4fc1e151bd8c1f33a2aa9853ebe657cc819","kind":"tag","published_at":"2019-11-24T09:56:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.8","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.8/manifests"},{"name":"v16.1.7","sha":"3c9a2296ecfa239ddfc99e29814109398b6facc6","kind":"tag","published_at":"2019-10-05T17:36:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.7","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.7/manifests"},{"name":"v16.1.6","sha":"089463289b3c3e64783fe65d7046d3945130dc58","kind":"tag","published_at":"2019-10-05T03:38:45.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.6","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.6/manifests"},{"name":"v16.1.5","sha":"f29129a460eb40a59135b88933b0d974810af5de","kind":"tag","published_at":"2019-10-02T07:34:54.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.5","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.5/manifests"},{"name":"v16.1.4","sha":"a9a61a8a7ab41871d21216ef0641a33b422b65c2","kind":"tag","published_at":"2019-09-20T22:14:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.4","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.4/manifests"},{"name":"v16.1.3","sha":"db9fa43325f823b92da0d00f0e958c4c0d61ebb1","kind":"tag","published_at":"2019-09-20T21:56:35.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.3","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.3/manifests"},{"name":"v16.1.2","sha":"9110fb8e1585d079b28e88dc6c02b3e7705384de","kind":"tag","published_at":"2019-09-19T06:08:08.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.2","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.2/manifests"},{"name":"v16.1.1","sha":"5023c8ca8ba543cd7fd7d1e9e68f3152e208e9b7","kind":"tag","published_at":"2019-09-17T09:20:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.1/manifests"},{"name":"v16.1.0","sha":"7164e00a338b9b8ec4493e5446987d821c74f5d6","kind":"tag","published_at":"2019-09-17T05:47:27.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v16.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.1.0/manifests"},{"name":"v16.0.1","sha":"73ae0ffaa77aca5372c3882e19349a181a49220c","kind":"tag","published_at":"2019-09-13T17:38:50.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v16.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.1/manifests"},{"name":"v16.0.0","sha":"b0356892c9342d340eab73f11d4086c0ceeebb9a","kind":"tag","published_at":"2019-09-11T22:48:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v16.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0/manifests"},{"name":"v15.1.1","sha":"b604775fccad77836b000aec2b33cdb6de26a73a","kind":"tag","published_at":"2019-08-16T00:14:58.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v15.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v15.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.1.1/manifests"},{"name":"v16.0.0-preview","sha":"cb71acd28bb00cc3d8ebdaa58dcff75057af4b35","kind":"tag","published_at":"2019-08-10T00:32:01.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.0.0-preview","html_url":"https://github.com/hapijs/joi/releases/tag/v16.0.0-preview","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-preview","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-preview/manifests"},{"name":"v14.5.0","sha":"043cde6a8c44d6132ee4a95e4a12bf58ec274e04","kind":"tag","published_at":"2019-06-23T02:18:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v14.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.5.0/manifests"},{"name":"v15.1.0","sha":"e14321fa5f05fc1bab9fbe33a19d583a1b1ae778","kind":"tag","published_at":"2019-06-22T23:40:23.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v15.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v15.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.1.0/manifests"},{"name":"v16.0.0-rc2","sha":"8ca140da68eca746a48e677e4931d81334bb7e2a","kind":"tag","published_at":"2019-06-18T22:40:34.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.0.0-rc2","html_url":"https://github.com/hapijs/joi/releases/tag/v16.0.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-rc2/manifests"},{"name":"v16.0.0-rc1","sha":"532abb24af6d80fd759c980a94e5005a7d122e30","kind":"tag","published_at":"2019-06-11T19:36:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.0.0-rc1","html_url":"https://github.com/hapijs/joi/releases/tag/v16.0.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-rc1/manifests"},{"name":"v16.0.0-0","sha":"d8fbebb49b7b41c989d0838a8209171984e3415b","kind":"tag","published_at":"2019-06-11T19:31:20.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v16.0.0-0","html_url":"https://github.com/hapijs/joi/releases/tag/v16.0.0-0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v16.0.0-0/manifests"},{"name":"v15.0.3","sha":"31088722970cafdbf41365cdfa9148df8ac179d4","kind":"tag","published_at":"2019-05-13T08:05:46.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v15.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v15.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.3/manifests"},{"name":"v15.0.2","sha":"2c36ab397fd500b08b79e2b51000e4ea061fc005","kind":"tag","published_at":"2019-05-08T14:58:06.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v15.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v15.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.2/manifests"},{"name":"v15.0.1","sha":"2d6f1b5b2377c6b14e70485b953c2345f832a624","kind":"tag","published_at":"2019-04-30T15:44:36.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v15.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v15.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.1/manifests"},{"name":"v15.0.0","sha":"28e66dd8484caa37bf7f40244153dcb1485a04be","kind":"tag","published_at":"2019-04-02T04:48:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v15.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v15.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v15.0.0/manifests"},{"name":"v14.4.1","sha":"8245c2f407f41efaa19e77563f2953eb9f03cc58","kind":"tag","published_at":"2019-03-29T22:01:26.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.4.1","html_url":"https://github.com/hapijs/joi/releases/tag/v14.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.4.1/manifests"},{"name":"v14.4.0","sha":"5acfd44da919886ab74c71350a52ec4ba017936c","kind":"tag","published_at":"2019-03-29T20:17:03.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v14.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.4.0/manifests"},{"name":"v12.1.0","sha":"03258264f220aaf4eb80cc909415d6dc7c949bbf","kind":"tag","published_at":"2019-03-24T22:59:20.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v12.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v12.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v12.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v12.1.0/manifests"},{"name":"v14.3.1","sha":"454d06cc563559a26c20ecfc68360fdeb6d1241b","kind":"tag","published_at":"2018-12-28T08:51:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.3.1","html_url":"https://github.com/hapijs/joi/releases/tag/v14.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.3.1/manifests"},{"name":"v14.3.0","sha":"67796afe37cc456486d0a3a84556929875fef776","kind":"tag","published_at":"2018-11-25T19:25:24.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v14.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.3.0/manifests"},{"name":"v14.2.0","sha":"6bfda2c85a6bca15d03c8202ea0755156c911925","kind":"tag","published_at":"2018-11-25T13:53:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v14.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.2.0/manifests"},{"name":"v14.1.1","sha":"99e505d1f7a7532dafd20da4d1d99fa3b35550b6","kind":"tag","published_at":"2018-11-24T11:13:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v14.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.1.1/manifests"},{"name":"v14.1.0","sha":"8e5c0c6913e5f5d97dd708f28e716a536e67c117","kind":"tag","published_at":"2018-11-19T22:21:29.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v14.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.1.0/manifests"},{"name":"v14.0.6","sha":"a9aa3e77d0df426d18b8d9d3dc78e2fa3406d0a1","kind":"tag","published_at":"2018-11-12T00:09:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.6","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.6/manifests"},{"name":"v14.0.5","sha":"a483e1874637f22504aeae16de1a82828ab4fd8b","kind":"tag","published_at":"2018-11-11T14:07:11.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.5","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.5/manifests"},{"name":"v14.0.4","sha":"f7a73f51ddcfe9043835805aad6bfeb3c91a253b","kind":"tag","published_at":"2018-11-03T00:30:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.4","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.4/manifests"},{"name":"v14.0.3","sha":"d07c000fe04346c621c2bb6724a08070936ee3c9","kind":"tag","published_at":"2018-11-01T08:17:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.3/manifests"},{"name":"v14.0.2","sha":"1db4309dd22aba81ca5863194dff3e1b29919971","kind":"tag","published_at":"2018-10-29T22:08:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.2/manifests"},{"name":"v14.0.1","sha":"87b5f1da0006eff370752ec08f708f5b20bd383d","kind":"tag","published_at":"2018-10-22T20:28:16.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.1/manifests"},{"name":"v14.0.0","sha":"24c84327d0ed3099543fb7ddfc765edebf323478","kind":"tag","published_at":"2018-10-14T16:06:32.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v14.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v14.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v14.0.0/manifests"},{"name":"v13.7.0","sha":"e4b82f6d940b335d8dbeece7846507f6f6064297","kind":"tag","published_at":"2018-09-29T08:28:38.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.7.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.7.0/manifests"},{"name":"v13.6.0","sha":"5eff33e560395fe9fcbe175b6b961c02b1127f09","kind":"tag","published_at":"2018-08-10T16:08:17.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.6.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.6.0/manifests"},{"name":"v13.5.2","sha":"a9eb527953b59b1d1ac3d2273c790a93c8f8a8dd","kind":"tag","published_at":"2018-07-30T19:02:11.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.5.2","html_url":"https://github.com/hapijs/joi/releases/tag/v13.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.5.2/manifests"},{"name":"v13.5.1","sha":"244ca7d01a8980ebaec66a846acb8bf15f2be280","kind":"tag","published_at":"2018-07-30T16:07:25.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.5.1","html_url":"https://github.com/hapijs/joi/releases/tag/v13.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.5.1/manifests"},{"name":"v13.5.0","sha":"63492d45cbe92ffeed81a56ae5a90a96d4426c68","kind":"tag","published_at":"2018-07-30T15:30:25.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.5.0/manifests"},{"name":"v13.4.0","sha":"f75f0d3c92ffaa44088ec235e95674c76f232a12","kind":"tag","published_at":"2018-06-06T09:38:11.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.4.0/manifests"},{"name":"v13.3.0","sha":"780b85c6ba65afcf4f32613fe74be4de532953e6","kind":"tag","published_at":"2018-05-08T16:35:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.3.0/manifests"},{"name":"v13.2.0","sha":"7f0c3841972d824f46fb2af295c1db91c31c6c12","kind":"tag","published_at":"2018-04-17T12:06:29.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.2.0/manifests"},{"name":"v13.1.3","sha":"b64b6189374cb3ccaefbff3223d7b3c907198682","kind":"tag","published_at":"2018-04-17T12:02:38.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.1.3","html_url":"https://github.com/hapijs/joi/releases/tag/v13.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.3/manifests"},{"name":"v13.1.2","sha":"97fa7646d568245d15c8981282a56d721414f28d","kind":"tag","published_at":"2018-02-02T19:22:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.1.2","html_url":"https://github.com/hapijs/joi/releases/tag/v13.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.2/manifests"},{"name":"v13.1.1","sha":"9868466206fdc12711fa14661e135e57538c9de2","kind":"tag","published_at":"2018-01-19T13:23:06.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v13.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.1/manifests"},{"name":"v13.1.0","sha":"e2498c65c849afc4e6ab41648546e6dff0fd33cc","kind":"tag","published_at":"2018-01-04T14:43:08.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.1.0/manifests"},{"name":"v13.0.2","sha":"c711c73bb6451f123d02af3677e9c2fd017fd6cb","kind":"tag","published_at":"2017-11-12T20:16:34.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v13.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.0.2/manifests"},{"name":"v13.0.1","sha":"3d097d3bbb0b92e48d18383b03fe12d7148c0519","kind":"tag","published_at":"2017-10-19T12:50:43.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v13.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.0.1/manifests"},{"name":"v13.0.0","sha":"bcd4bb46dcc4f262cbc01be5ac9552b1b55eb8de","kind":"tag","published_at":"2017-10-14T15:06:04.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v13.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v13.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v13.0.0/manifests"},{"name":"v12.0.0","sha":"79e23f20b832b36a050f9f21836368f459b8999f","kind":"tag","published_at":"2017-10-14T14:36:14.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v12.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v12.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v12.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v12.0.0/manifests"},{"name":"v11.4.0","sha":"3f10a9320e18bc8805c4d32104aba8bce9e46cfe","kind":"tag","published_at":"2017-10-14T12:12:47.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v11.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.4.0/manifests"},{"name":"v11.3.4","sha":"b0647370a1569c6d84e7de9165f745fc6e0ca834","kind":"tag","published_at":"2017-10-09T17:42:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.3.4","html_url":"https://github.com/hapijs/joi/releases/tag/v11.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.4/manifests"},{"name":"v11.3.3","sha":"88f05f0cadc736983d9d479dc7b204666690e37a","kind":"tag","published_at":"2017-10-09T06:24:14.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.3.3","html_url":"https://github.com/hapijs/joi/releases/tag/v11.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.3/manifests"},{"name":"v11.3.2","sha":"e3f51098e7c8ce00587cf34f5fbbf175349b9851","kind":"tag","published_at":"2017-10-08T21:14:01.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.3.2","html_url":"https://github.com/hapijs/joi/releases/tag/v11.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.2/manifests"},{"name":"v11.3.1","sha":"5f1fe2e22ad6f063fe3b022887ea872804967588","kind":"tag","published_at":"2017-10-08T19:31:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.3.1","html_url":"https://github.com/hapijs/joi/releases/tag/v11.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.1/manifests"},{"name":"v11.3.0","sha":"8e13b5f2834bafa2a0fbdf47b930fc5a9276663c","kind":"tag","published_at":"2017-10-08T16:19:59.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v11.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.3.0/manifests"},{"name":"v11.2.0","sha":"c5741ff59d5ea450841c7fdcbcb9e8cfb7ecccd7","kind":"tag","published_at":"2017-10-07T21:42:24.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v11.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.2.0/manifests"},{"name":"v11.1.1","sha":"d89a89a956c53dfd465572923fffd15bc60ab4aa","kind":"tag","published_at":"2017-09-25T09:04:28.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v11.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.1.1/manifests"},{"name":"v11.1.0","sha":"a08c27bd17b9ee0e3826eb3e714b3a75c2bbd658","kind":"tag","published_at":"2017-09-24T17:20:13.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v11.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.1.0/manifests"},{"name":"v11.0.3","sha":"9a8eb5a0fddc07c999d743c0f207d58bc7227cca","kind":"tag","published_at":"2017-09-20T22:38:46.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v11.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.3/manifests"},{"name":"v11.0.2","sha":"ebb5a42036df36210941dc831d4344556eac2ac1","kind":"tag","published_at":"2017-09-19T09:20:58.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v11.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.2/manifests"},{"name":"v11.0.1","sha":"ba4ddeb1b02286042758da8b6d4d2396d7665655","kind":"tag","published_at":"2017-09-14T16:05:03.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v11.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.1/manifests"},{"name":"v11.0.0","sha":"fd9d1fc18c52338f3659abe9e6953b17b6222b3b","kind":"tag","published_at":"2017-09-14T15:44:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v11.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v11.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v11.0.0/manifests"},{"name":"v10.6.0","sha":"069bb6c04063cba202544dacf9da3bbe21fa3074","kind":"tag","published_at":"2017-06-15T17:40:37.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.6.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.6.0/manifests"},{"name":"v10.5.2","sha":"5603fc73a482eb09a53a92fc8ae484d7adcea8f8","kind":"tag","published_at":"2017-05-30T07:37:00.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.5.2","html_url":"https://github.com/hapijs/joi/releases/tag/v10.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.5.2/manifests"},{"name":"v10.5.1","sha":"539760b773a0cade06e57d5af4d83715e4308f92","kind":"tag","published_at":"2017-05-28T22:19:43.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.5.1","html_url":"https://github.com/hapijs/joi/releases/tag/v10.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.5.1/manifests"},{"name":"v10.5.0","sha":"58865672018edae8ca8e0cab90dc84d243161f0c","kind":"tag","published_at":"2017-05-18T15:40:45.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.5.0/manifests"},{"name":"v10.4.2","sha":"e2b5d494d6dffeb03b964f60be8693d96c2f45a4","kind":"tag","published_at":"2017-05-13T10:41:12.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.4.2","html_url":"https://github.com/hapijs/joi/releases/tag/v10.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.4.2/manifests"},{"name":"v10.4.1","sha":"16b8c140fec6fc8e44caed9a9e533a76e49f5968","kind":"tag","published_at":"2017-04-02T16:01:23.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.4.1","html_url":"https://github.com/hapijs/joi/releases/tag/v10.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.4.1/manifests"},{"name":"v10.4.0","sha":"6ef84b22826eac728230681c0ddc017ae5611f02","kind":"tag","published_at":"2017-04-01T18:45:13.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.4.0/manifests"},{"name":"v10.3.4","sha":"8e85ed2fdae681a610eab95bd962641a64d95dd1","kind":"tag","published_at":"2017-04-01T08:18:51.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.3.4","html_url":"https://github.com/hapijs/joi/releases/tag/v10.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.4/manifests"},{"name":"v10.3.3","sha":"6911defd94631a81274d122167024bb7b2187b03","kind":"tag","published_at":"2017-03-31T16:11:35.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.3.3","html_url":"https://github.com/hapijs/joi/releases/tag/v10.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.3/manifests"},{"name":"v10.3.2","sha":"a0482046093c2842cbfa05720b8d8698fb5e648a","kind":"tag","published_at":"2017-03-31T15:51:29.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.3.2","html_url":"https://github.com/hapijs/joi/releases/tag/v10.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.2/manifests"},{"name":"v10.3.1","sha":"d33a3478361db45d04ec0890f51d33439ab89e99","kind":"tag","published_at":"2017-03-26T13:19:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.3.1","html_url":"https://github.com/hapijs/joi/releases/tag/v10.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.1/manifests"},{"name":"v10.3.0","sha":"5d484b77f0c32eef40ad7580af7eefbedc1a418b","kind":"tag","published_at":"2017-03-22T11:19:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.3.0/manifests"},{"name":"v10.2.2","sha":"ef2cb827d346b036e9b16630177f47cce05812e9","kind":"tag","published_at":"2017-02-09T20:52:24.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.2.2","html_url":"https://github.com/hapijs/joi/releases/tag/v10.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.2.2/manifests"},{"name":"v10.2.1","sha":"5cc4b89ec8aeb0d5355c65e0cda9683caf754502","kind":"tag","published_at":"2017-02-02T15:32:10.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v10.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.2.1/manifests"},{"name":"v10.2.0","sha":"2bdc9582b88a5073844217887c43f6932d4b94d2","kind":"tag","published_at":"2017-01-15T19:11:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.2.0/manifests"},{"name":"v10.1.0","sha":"e93ea260a2e49c5c9561e1c57aadd4390151e139","kind":"tag","published_at":"2016-12-23T15:47:51.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.1.0/manifests"},{"name":"v10.0.6","sha":"15f2dbce28efb3fd5ed12e30f1cf96c366a842b8","kind":"tag","published_at":"2016-12-14T13:24:11.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.6","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.6/manifests"},{"name":"v10.0.5","sha":"abfe727885af779a676e6a205ee15cdc8b435691","kind":"tag","published_at":"2016-12-05T16:48:33.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.5","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.5/manifests"},{"name":"v10.0.4","sha":"6fa10c501f59f66d17b856aa031276102928f16f","kind":"tag","published_at":"2016-12-05T14:13:30.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.4","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.4/manifests"},{"name":"v10.0.3","sha":"99fd2220bb1debb4ac00ea0c252b3fcb6193303c","kind":"tag","published_at":"2016-12-04T15:04:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.3/manifests"},{"name":"v10.0.2","sha":"ee814ad8865f3cac4290d30056db98010aca4007","kind":"tag","published_at":"2016-12-01T23:16:47.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.2/manifests"},{"name":"v10.0.1","sha":"3e102c9ad0266c5110f9d71c824d97d954f1a679","kind":"tag","published_at":"2016-11-18T18:41:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.1/manifests"},{"name":"v10.0.0","sha":"aff2519a388ce06aa4ef5d9260196b8b658b2393","kind":"tag","published_at":"2016-11-17T23:51:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v10.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v10.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v10.0.0/manifests"},{"name":"v9.2.0","sha":"25f7d6123ce5d2238c0a4d3298660c321197bfd4","kind":"tag","published_at":"2016-10-18T08:37:00.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v9.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.2.0/manifests"},{"name":"v9.1.1","sha":"e08b37dc44b5fc515077e3078fe2ff94f507606a","kind":"tag","published_at":"2016-10-12T17:47:08.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v9.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.1.1/manifests"},{"name":"v9.1.0","sha":"6cd3c61766935ff3f9f627595f69035985838fec","kind":"tag","published_at":"2016-09-29T17:26:16.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v9.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.1.0/manifests"},{"name":"v9.0.4","sha":"84e522b2999b6186913d209c394e2ac24ba2affb","kind":"tag","published_at":"2016-07-24T18:34:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.4","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.4/manifests"},{"name":"v9.0.3","sha":"ec0ef656fc66727b58194b09efb10eb181b07ef4","kind":"tag","published_at":"2016-07-24T14:29:13.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.3/manifests"},{"name":"v9.0.2","sha":"079c4d6a49d15e34cf8c8cdd712a98dc8839a53c","kind":"tag","published_at":"2016-07-24T13:10:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.2/manifests"},{"name":"v9.0.1","sha":"98eaa754379f329a624ffebd8b8fac5552ed1191","kind":"tag","published_at":"2016-07-15T17:35:59.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.1/manifests"},{"name":"v9.0.0","sha":"2570c4240e91f88a778b0e7ca553ad047d7b565a","kind":"tag","published_at":"2016-07-09T13:46:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0/manifests"},{"name":"v9.0.0-9","sha":"6fcca7c48be0c2f70593f78e2103970ac7f55630","kind":"tag","published_at":"2016-06-27T21:10:34.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-9","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-9/manifests"},{"name":"v9.0.0-8","sha":"32bf602d53564f2632a3b90de78cb76ef8acdbc0","kind":"tag","published_at":"2016-06-25T14:58:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-8","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-8/manifests"},{"name":"v9.0.0-7","sha":"9ed1e437fe852efc7fcc7e2fd66c0f91bcfc4059","kind":"tag","published_at":"2016-06-22T22:33:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-7","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-7/manifests"},{"name":"v9.0.0-6","sha":"cda87c351564917108dd7ab05541fef72755a738","kind":"tag","published_at":"2016-06-18T22:37:10.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-6","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-6/manifests"},{"name":"v8.4.2","sha":"2a65da328d53fd6baa503729a1648ebacafb687c","kind":"tag","published_at":"2016-06-12T14:51:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.4.2","html_url":"https://github.com/hapijs/joi/releases/tag/v8.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.4.2/manifests"},{"name":"v9.0.0-5","sha":"3b515cf979ad7ca87dcdf4673f8759aa7aaed50c","kind":"tag","published_at":"2016-06-12T12:26:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-5","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-5/manifests"},{"name":"v9.0.0-4","sha":"bc9ad2b0e6a4e836ff884c12865499e236934d5d","kind":"tag","published_at":"2016-06-11T21:46:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-4","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-4/manifests"},{"name":"v9.0.0-3","sha":"0b1edca9c9363adcdb00b5bf919b81b6e6c268b3","kind":"tag","published_at":"2016-06-06T09:30:53.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-3","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-3/manifests"},{"name":"v8.4.1","sha":"a3e1cf5ff8de94a65d0a5b224a0a4e025adae351","kind":"tag","published_at":"2016-06-05T07:31:48.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.4.1","html_url":"https://github.com/hapijs/joi/releases/tag/v8.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.4.1/manifests"},{"name":"v8.4.0","sha":"8a13330ef1bb479c750aad9dbf41cb85c6518019","kind":"tag","published_at":"2016-05-29T21:30:37.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v8.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.4.0/manifests"},{"name":"v8.3.0","sha":"0ada70e7168afc03977ec08b036ae8090e0ef8c2","kind":"tag","published_at":"2016-05-28T19:49:50.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v8.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.3.0/manifests"},{"name":"v8.2.1","sha":"d1b673d64c515916f7cd53b2e39379f212746e82","kind":"tag","published_at":"2016-05-28T15:34:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v8.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.2.1/manifests"},{"name":"v8.2.0","sha":"1d56f97c0afc90ea534f9a0e9eec18277d8f9144","kind":"tag","published_at":"2016-05-28T14:08:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v8.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.2.0/manifests"},{"name":"v9.0.0-2","sha":"197cf30b9690028bd00db0d3aa86b6ad14363ae3","kind":"tag","published_at":"2016-05-24T18:24:59.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-2","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-2/manifests"},{"name":"v8.1.1","sha":"362b1b797f138fb2570c0a838c0852e4c8d1f72e","kind":"tag","published_at":"2016-05-24T18:04:27.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v8.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.1.1/manifests"},{"name":"v9.0.0-1","sha":"9ecf71eba9ee76fbcef689f8e75572714590760e","kind":"tag","published_at":"2016-05-15T10:04:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-1","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-1/manifests"},{"name":"v8.1.0","sha":"97221cd5c4f9752b8ff8a0d440667db12f2ec224","kind":"tag","published_at":"2016-05-07T20:40:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v8.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.1.0/manifests"},{"name":"v9.0.0-0","sha":"49f6ab957868dcf2cc1ba81118a4575a2479eff7","kind":"tag","published_at":"2016-05-05T20:23:26.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v9.0.0-0","html_url":"https://github.com/hapijs/joi/releases/tag/v9.0.0-0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v9.0.0-0/manifests"},{"name":"v8.0.5","sha":"93f914009de02c378e3dc1e0b2d6bce6cbb732a0","kind":"tag","published_at":"2016-03-18T19:28:03.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.0.5","html_url":"https://github.com/hapijs/joi/releases/tag/v8.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.5/manifests"},{"name":"v8.0.4","sha":"093da6fdcd5f91d1133028414089a3dc60a143b1","kind":"tag","published_at":"2016-03-01T12:15:52.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.0.4","html_url":"https://github.com/hapijs/joi/releases/tag/v8.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.4/manifests"},{"name":"v8.0.3","sha":"15a36310f2ac3041e41259cfc0b70c25266baef9","kind":"tag","published_at":"2016-02-25T11:11:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v8.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.3/manifests"},{"name":"v8.0.2","sha":"0f83d52975cce7623a379fda2d304d915f17a023","kind":"tag","published_at":"2016-02-19T11:38:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v8.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.2/manifests"},{"name":"v8.0.1","sha":"d417fec3f94944c6b299d19a51e411cbf7d42c0e","kind":"tag","published_at":"2016-02-15T12:46:59.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v8.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.1/manifests"},{"name":"v8.0.0","sha":"986109a515aecaf2a28b55f8fd33d0e01eb1c968","kind":"tag","published_at":"2016-02-14T20:57:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v8.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v8.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v8.0.0/manifests"},{"name":"v7.3.0","sha":"101db42f61f28c03f4603417b5e09a78ecf329ea","kind":"tag","published_at":"2016-02-11T15:35:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v7.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.3.0/manifests"},{"name":"v7.2.3","sha":"8ae48b28641e6ae40762725c59465396515d3a02","kind":"tag","published_at":"2016-01-29T13:44:01.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.2.3","html_url":"https://github.com/hapijs/joi/releases/tag/v7.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.3/manifests"},{"name":"v7.2.2","sha":"803e4be43ea78bc78bf0316d63bc7a5cc2d10927","kind":"tag","published_at":"2016-01-19T14:52:03.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.2.2","html_url":"https://github.com/hapijs/joi/releases/tag/v7.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.2/manifests"},{"name":"v7.2.1","sha":"f42a69eb74e1a4fb8daab356129846403470b053","kind":"tag","published_at":"2016-01-16T19:16:27.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v7.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.1/manifests"},{"name":"v7.2.0","sha":"c0fd64d5e83514055ba338b22647f2025d306ca2","kind":"tag","published_at":"2016-01-14T18:26:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v7.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.2.0/manifests"},{"name":"v7.1.0","sha":"6cfac4c81ce935371c8bd0104b53adcb7bb35b14","kind":"tag","published_at":"2015-12-26T18:17:03.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v7.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.1.0/manifests"},{"name":"v7.0.1","sha":"7e28f8d7435e5607da5909a4df756428091b10ba","kind":"tag","published_at":"2015-11-26T12:14:38.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v7.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.0.1/manifests"},{"name":"v6.10.1","sha":"19c2e1cdefd557b8297f7cd55cc0fb4f261c2c8e","kind":"tag","published_at":"2015-11-26T12:09:31.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.10.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.10.1/manifests"},{"name":"v7.0.0","sha":"cd05beb7713be330ca845ee76729dae170e91bad","kind":"tag","published_at":"2015-11-01T23:54:13.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v7.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v7.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v7.0.0/manifests"},{"name":"v6.10.0","sha":"44e8bb4c12a33697c6dfde756326d02eb40c0299","kind":"tag","published_at":"2015-10-29T23:27:31.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.10.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.10.0/manifests"},{"name":"v6.9.1","sha":"9820bee1411d4435bedf8d001912acf2257ca02e","kind":"tag","published_at":"2015-10-15T19:14:23.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.9.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.9.1/manifests"},{"name":"v6.9.0","sha":"de00c8ad66100b7ecc04cf52c6ef83032f515d7c","kind":"tag","published_at":"2015-10-05T11:11:04.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.9.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.9.0/manifests"},{"name":"v6.8.1","sha":"6bb5c721edc49348829ad420e3d225441d705e8d","kind":"tag","published_at":"2015-10-02T19:19:44.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.8.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.8.1/manifests"},{"name":"v6.8.0","sha":"eefc2cc693a843885f776a24328b4a7552dfb281","kind":"tag","published_at":"2015-10-02T17:38:41.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.8.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.8.0/manifests"},{"name":"v6.7.1","sha":"d4cd8598e1772abba7c4f0e08fc85b4b1af85c7a","kind":"tag","published_at":"2015-09-16T22:00:58.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.7.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.7.1/manifests"},{"name":"v6.7.0","sha":"a25c96d1186b7ded1944211de352edc9915e3670","kind":"tag","published_at":"2015-09-13T11:34:35.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.7.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.7.0/manifests"},{"name":"v6.6.1","sha":"40cf19b27dde89347cc643a46fc647d1141ebc5e","kind":"tag","published_at":"2015-07-22T22:30:52.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.6.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.6.1/manifests"},{"name":"v6.6.0","sha":"85fbcc2639b32f28ef50095b186b8ace269dfc2e","kind":"tag","published_at":"2015-07-20T21:46:01.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.6.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.6.0/manifests"},{"name":"v6.5.0","sha":"a10e67073f101ebe94041721f83080224d8cdc77","kind":"tag","published_at":"2015-06-24T10:14:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.5.0/manifests"},{"name":"v6.4.3","sha":"fb9bac9b6bcf6b8bd8c1390a39c4faa00520a874","kind":"tag","published_at":"2015-05-27T20:55:41.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.4.3","html_url":"https://github.com/hapijs/joi/releases/tag/v6.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.3/manifests"},{"name":"v6.4.2","sha":"47fe4a529ce6f657d2c147dd246f5b55405f6d3f","kind":"tag","published_at":"2015-05-23T14:29:05.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.4.2","html_url":"https://github.com/hapijs/joi/releases/tag/v6.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.2/manifests"},{"name":"v6.4.1","sha":"f3740f177f0b3e402665a574e06336feea4122e4","kind":"tag","published_at":"2015-04-26T16:09:41.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.4.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.1/manifests"},{"name":"v6.4.0","sha":"d907940c0adf21a24ae26cb6e322f6b96c017173","kind":"tag","published_at":"2015-04-26T15:31:17.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.4.0/manifests"},{"name":"v6.3.0","sha":"f175b9334c84f3020c64c1e469979cd9fdfba162","kind":"tag","published_at":"2015-04-23T21:37:17.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.3.0/manifests"},{"name":"v6.2.0","sha":"b62fb9f953b48ec5acb7e4fa5f3f1416bbaef1bf","kind":"tag","published_at":"2015-04-16T21:59:43.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.2.0/manifests"},{"name":"v6.1.2","sha":"4776480d7ba85485a16459e56f5f9150614242c2","kind":"tag","published_at":"2015-04-13T16:35:14.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.1.2","html_url":"https://github.com/hapijs/joi/releases/tag/v6.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.1.2/manifests"},{"name":"v6.1.1","sha":"188dcf785cc09db326248776789ef15b17faff83","kind":"tag","published_at":"2015-04-09T23:09:04.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.1.1/manifests"},{"name":"v6.1.0","sha":"a395450ab6adb85c68cf0dd38e8e000a4694e990","kind":"tag","published_at":"2015-04-02T21:50:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.1.0/manifests"},{"name":"v6.0.8","sha":"bf45625841ff11e0a2795c332a98ed130511c9e3","kind":"tag","published_at":"2015-03-11T21:13:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.8","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.8/manifests"},{"name":"v6.0.7","sha":"2b4b244c885916fe9f42f4b3d17a2d3af21755f6","kind":"tag","published_at":"2015-03-11T18:26:21.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.7","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.7/manifests"},{"name":"v6.0.6","sha":"6b73043cca1d030cbb1e51420c3848715edf2fe0","kind":"tag","published_at":"2015-03-11T11:20:33.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.6","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.6/manifests"},{"name":"v6.0.5","sha":"888e87e086e756a51c05122ce33bd7f2a5089256","kind":"tag","published_at":"2015-03-10T23:47:32.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.5","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.5/manifests"},{"name":"v6.0.4","sha":"650399ed716f5ccf42a3c0e38b460fe0bbee3cf7","kind":"tag","published_at":"2015-03-08T14:31:54.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.4","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.4/manifests"},{"name":"v6.0.3","sha":"45d98156c24f233f29de5cc9da1d039404ac7494","kind":"tag","published_at":"2015-03-05T21:24:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.3/manifests"},{"name":"v6.0.2","sha":"4a342ffe66dbe3ddf05be46b4d3043d7d7e75641","kind":"tag","published_at":"2015-03-05T13:28:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.2/manifests"},{"name":"v6.0.1","sha":"ef17f4d0a6602aa7c28c11faa5d167fd81638892","kind":"tag","published_at":"2015-03-05T13:22:13.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.1/manifests"},{"name":"v6.0.0","sha":"089d84e4276fb11618a8a32997cec2a98d6ea1a6","kind":"tag","published_at":"2015-03-02T22:29:30.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v6.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v6.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v6.0.0/manifests"},{"name":"v5.1.0","sha":"feec79f6ce683a5b4e0d842dfe414e40da062d84","kind":"tag","published_at":"2015-01-02T11:24:53.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v5.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.1.0/manifests"},{"name":"v5.0.2","sha":"d0ea5ec5e5411eb0034ac240f2e30af4070c41a5","kind":"tag","published_at":"2014-12-02T09:50:29.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v5.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v5.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.0.2/manifests"},{"name":"v5.0.1","sha":"da9e0d580a44f67346a406a6e8d7be3d424e848b","kind":"tag","published_at":"2014-11-30T20:51:25.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v5.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.0.1/manifests"},{"name":"v5.0.0","sha":"c412e7eb6c3be7ff5466c2a68afcd27a2e8be29b","kind":"tag","published_at":"2014-11-30T00:32:45.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v5.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v5.0.0/manifests"},{"name":"v4.9.0","sha":"8ac258348e45a3c2a0def6667137c7e8841c56e5","kind":"tag","published_at":"2014-11-17T19:36:54.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.9.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.9.0/manifests"},{"name":"v4.8.1","sha":"37ac6ebfcec8ca1e9e2ae9af3a86371d00d07556","kind":"tag","published_at":"2014-11-09T11:27:51.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.8.1","html_url":"https://github.com/hapijs/joi/releases/tag/v4.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.8.1/manifests"},{"name":"v4.8.0","sha":"50a9d25ecfb87b99799d9b0c14b529ba3a5ad37e","kind":"tag","published_at":"2014-11-07T22:49:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.8.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.8.0/manifests"},{"name":"v4.7.0","sha":"d4c9eca82365c055e4040489261ab5a4679e51ea","kind":"tag","published_at":"2014-09-20T07:27:19.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.7.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.7.0/manifests"},{"name":"4.6.2","sha":"43345c0f6976841d38b1bd1c388b3aa3cff5f1c6","kind":"tag","published_at":"2014-08-03T07:09:36.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/4.6.2","html_url":"https://github.com/hapijs/joi/releases/tag/4.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/4.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/4.6.2/manifests"},{"name":"v4.6.1","sha":"15cb9ea612454d4ae8f5bfb2da4226fab245837b","kind":"tag","published_at":"2014-06-10T10:00:09.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.6.1","html_url":"https://github.com/hapijs/joi/releases/tag/v4.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.6.1/manifests"},{"name":"v4.6.0","sha":"f7d12a8b8949230dcbb16a39d6a72f7d8159dace","kind":"tag","published_at":"2014-06-08T19:41:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.6.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.6.0/manifests"},{"name":"v4.5.0","sha":"24fc07523c81c15616c3bfd2fa088a8815898b8f","kind":"tag","published_at":"2014-05-26T18:21:24.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.5.0/manifests"},{"name":"v4.4.0","sha":"3178c4c0dc84ace23e5d7c438209542cfe171219","kind":"tag","published_at":"2014-05-24T19:16:30.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.4.0/manifests"},{"name":"v4.3.1","sha":"8ae04176db56b084995a095a7ca545798036c495","kind":"tag","published_at":"2014-05-23T20:24:06.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.3.1","html_url":"https://github.com/hapijs/joi/releases/tag/v4.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.3.1/manifests"},{"name":"v4.3.0","sha":"6cb67e9976bb4461c630c7eee1935409c06068c6","kind":"tag","published_at":"2014-05-22T08:04:23.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.3.0/manifests"},{"name":"v4.2.1","sha":"5153d36130c0c8bfc5735128a5b2f7c75025962d","kind":"tag","published_at":"2014-05-19T18:04:10.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v4.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.2.1/manifests"},{"name":"v4.2.0","sha":"b77881bab3d8fcc7bbd6f04808d0894199ed400f","kind":"tag","published_at":"2014-05-18T22:41:02.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.2.0/manifests"},{"name":"v4.0.0","sha":"d88d65a82d270fbb14cbbaa8c9e7c6a4e4ac449a","kind":"tag","published_at":"2014-04-23T07:34:15.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v4.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v4.0.0/manifests"},{"name":"v2.9.0","sha":"ad2a92249fa0edbfc3b43b3108062e8eaf693388","kind":"tag","published_at":"2014-03-27T00:22:29.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.9.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.9.0/manifests"},{"name":"v3.1.0","sha":"5917b49e9c015641e210cfc36e3104a749bab0d6","kind":"tag","published_at":"2014-03-26T15:30:51.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v3.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v3.1.0/manifests"},{"name":"v3.0.0","sha":"bc9c19e4a5a8537cedb693487b020feeeb61fb05","kind":"tag","published_at":"2014-03-26T07:36:14.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v3.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v3.0.0/manifests"},{"name":"v2.8.0","sha":"f10ab128844afd2ef3e755f348aba56b367dd8b7","kind":"tag","published_at":"2014-03-12T06:46:41.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.8.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.8.0/manifests"},{"name":"v2.7.0","sha":"1fd4c00863f34aced04dd8a5d3f9f17a5d9273c3","kind":"tag","published_at":"2014-02-07T23:01:22.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.7.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.7.0/manifests"},{"name":"v2.6.0","sha":"87ce2b59324b4372f8c8f2392ee7ad96b29c1ee5","kind":"tag","published_at":"2014-02-07T22:43:55.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.6.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.6.0/manifests"},{"name":"v2.5.0","sha":"8e48126c52627f04f7679ca060a2f733116c060f","kind":"tag","published_at":"2014-02-02T21:14:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.5.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.5.0/manifests"},{"name":"v2.4.3","sha":"098f9e39b9fec1b59372e9f075e04ddad6456697","kind":"tag","published_at":"2014-02-02T18:51:08.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.4.3","html_url":"https://github.com/hapijs/joi/releases/tag/v2.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.3/manifests"},{"name":"v2.4.2","sha":"7af59580b3b10c63161a5ea0f7177b0b5ad03f10","kind":"tag","published_at":"2014-02-02T18:22:47.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.4.2","html_url":"https://github.com/hapijs/joi/releases/tag/v2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.2/manifests"},{"name":"v2.4.1","sha":"1fab46b03a096a33e9f02093f6e1b97626339790","kind":"tag","published_at":"2014-02-02T09:19:45.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.4.1","html_url":"https://github.com/hapijs/joi/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"559d0ec77a1b3c869d621d44df90ae57bb3187cb","kind":"tag","published_at":"2014-02-02T09:03:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.4.0/manifests"},{"name":"v2.3.1","sha":"4d71eb722f986795fdf594242da4ff2cb5e81f0a","kind":"tag","published_at":"2014-01-15T17:54:59.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.3.1","html_url":"https://github.com/hapijs/joi/releases/tag/v2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.3.1/manifests"},{"name":"v2.3.0","sha":"25dc5eca6847fe150dbabdc2588d69f06ffbf87e","kind":"tag","published_at":"2014-01-14T21:56:24.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.3.0/manifests"},{"name":"v2.2.0","sha":"07b4cc81b1b02e8edb2397633f45a2c9d1c4f17c","kind":"tag","published_at":"2014-01-13T22:17:58.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.2.0/manifests"},{"name":"v2.1.0","sha":"3d87038b4135d30262eab346a2bb472afe64d86b","kind":"tag","published_at":"2013-12-11T21:52:14.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.1.0/manifests"},{"name":"v2.0.3","sha":"ebd806acb43d3b034a1c98d3dbbb779fa10cfa3f","kind":"tag","published_at":"2013-11-06T22:52:34.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.0.3","html_url":"https://github.com/hapijs/joi/releases/tag/v2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.3/manifests"},{"name":"v2.0.2","sha":"772e29d393dd2c53dead82326da230dc80605450","kind":"tag","published_at":"2013-11-06T17:50:08.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.0.2","html_url":"https://github.com/hapijs/joi/releases/tag/v2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.2/manifests"},{"name":"v2.0.1","sha":"451a7fee1e425a45b5ece8ec1e752c1890c8cdc4","kind":"tag","published_at":"2013-11-06T17:36:32.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.0.1","html_url":"https://github.com/hapijs/joi/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"6d753fbb20b037a2a7905ec38c5667a200c6dab0","kind":"tag","published_at":"2013-11-06T08:11:18.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v2.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v2.0.0/manifests"},{"name":"v1.2.3","sha":"711db8b34552ffbe81301011dd8d98264b029576","kind":"tag","published_at":"2013-10-21T22:27:00.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v1.2.3","html_url":"https://github.com/hapijs/joi/releases/tag/v1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.3/manifests"},{"name":"v1.2.2","sha":"b10b8a7ec93067b515ba348186e7a5bd6205fe47","kind":"tag","published_at":"2013-10-02T23:54:24.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v1.2.2","html_url":"https://github.com/hapijs/joi/releases/tag/v1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.2/manifests"},{"name":"v1.2.1","sha":"a53b35892229bde4411efe5f4307508e2ed7d1e7","kind":"tag","published_at":"2013-10-01T23:10:59.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v1.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"6ef0391efb386b68704293850af15a38e77cd68c","kind":"tag","published_at":"2013-09-06T14:54:32.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v1.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.2.0/manifests"},{"name":"v1.1.0","sha":"a9cd1c671b2e1eae5dd1295aaa9f5b7615f433fd","kind":"tag","published_at":"2013-08-21T17:58:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v1.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.1.0/manifests"},{"name":"v1.0.0","sha":"1af6c9a206a502545767e8c9d410d56ef22bcf8f","kind":"tag","published_at":"2013-08-16T14:52:52.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v1.0.0","html_url":"https://github.com/hapijs/joi/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v1.0.0/manifests"},{"name":"v0.4.0","sha":"730e78d1659718a0b684efbbaf468700b7ec1853","kind":"tag","published_at":"2013-07-31T17:43:46.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.4.0","html_url":"https://github.com/hapijs/joi/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.4.0/manifests"},{"name":"v0.3.6","sha":"232104db10dbb10e5ff0f4dd46860ca4669ea943","kind":"tag","published_at":"2013-07-31T15:09:16.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.6","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.6/manifests"},{"name":"v0.3.5","sha":"34d7a9c2a943614605981066f66bd2c2cb3b0c81","kind":"tag","published_at":"2013-05-25T16:57:37.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.5","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.5/manifests"},{"name":"v0.3.4","sha":"0fb77cfb9090af94126fcd4f2c218968c6ff5273","kind":"tag","published_at":"2013-04-24T18:52:04.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.4","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.4/manifests"},{"name":"v0.3.3","sha":"d4b753c372c2ef4a8658452a40808f43b4e11464","kind":"tag","published_at":"2013-04-24T17:49:50.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.3","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.3/manifests"},{"name":"v0.3.2","sha":"dbf996c27e6f0e3d775e537ae9c034cd7d9397f3","kind":"tag","published_at":"2013-04-15T20:12:57.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.2","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.2/manifests"},{"name":"v0.3.1","sha":"0ac731483a032db4e95fe1846701eef7a52b9614","kind":"tag","published_at":"2013-04-15T16:11:12.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.1","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.1/manifests"},{"name":"v0.3.0","sha":"b741fbf7e32418ec86c6db3f1e33bfb49c30741d","kind":"tag","published_at":"2013-04-05T23:57:57.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.3.0","html_url":"https://github.com/hapijs/joi/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.3.0/manifests"},{"name":"v0.2.6","sha":"7d4785ad842fd7725667668bf7d79b9c115eed27","kind":"tag","published_at":"2013-04-03T19:54:08.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.6","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.6/manifests"},{"name":"v0.2.4","sha":"23292be2a024b56506c0ed308db1bb00fbe0dcee","kind":"tag","published_at":"2013-04-02T05:30:52.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.4","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.4/manifests"},{"name":"v0.2.3","sha":"94ea247c7defa331d98c66124d0bc90750127cad","kind":"tag","published_at":"2013-04-01T22:26:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.3","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.3/manifests"},{"name":"v0.2.5","sha":"0302991db223111b60f25a99723c1e88732520e0","kind":"tag","published_at":"2013-04-01T07:02:28.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.5","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.5/manifests"},{"name":"v0.2.2","sha":"1056a44b41971a7f9128a24d03f536f6cd97ab33","kind":"tag","published_at":"2013-03-18T19:17:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.2","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.2/manifests"},{"name":"v0.2.1","sha":"45b01d25b0637c51c537de5c0742f3dc88ee0993","kind":"tag","published_at":"2013-03-18T17:14:42.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.1","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.1/manifests"},{"name":"v0.2.0","sha":"942b9f75a17c89eed28ebb3df5dc53f70abfaead","kind":"tag","published_at":"2013-03-09T00:51:27.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.2.0","html_url":"https://github.com/hapijs/joi/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.2.0/manifests"},{"name":"v0.1.3","sha":"7da02a0abbef60c493d21e640974b690eb84ce30","kind":"tag","published_at":"2013-03-05T23:54:54.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.1.3","html_url":"https://github.com/hapijs/joi/releases/tag/v0.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.3/manifests"},{"name":"v0.1.2","sha":"1f39a4afe814b00aff25727b373c2734dc280c36","kind":"tag","published_at":"2013-03-04T21:50:07.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.1.2","html_url":"https://github.com/hapijs/joi/releases/tag/v0.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.2/manifests"},{"name":"v0.1.1","sha":"b1a9b269dc16713c9847338ed51501f15b377fdc","kind":"tag","published_at":"2013-02-25T19:11:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.1.1","html_url":"https://github.com/hapijs/joi/releases/tag/v0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.1/manifests"},{"name":"v0.1.0","sha":"d6e8ee5e6e49150dbf151b4e2d017724bcfda869","kind":"tag","published_at":"2013-02-17T07:40:30.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.1.0","html_url":"https://github.com/hapijs/joi/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.1.0/manifests"},{"name":"v0.0.10","sha":"258023b4c7d2ed6716ecbe6be5a89fba571dd13d","kind":"tag","published_at":"2013-02-14T21:50:23.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.10","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.10/manifests"},{"name":"v0.0.9","sha":"aa696f9059980ea27ca79315751484016eb101a0","kind":"tag","published_at":"2013-02-13T17:41:58.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.9","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.9/manifests"},{"name":"v0.0.8","sha":"ce61c682c8c97f5479c57042509658bd78f41d0f","kind":"tag","published_at":"2013-02-08T22:25:39.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.8","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.8/manifests"},{"name":"v0.0.7","sha":"f27a94c09ecbfaf9da99d9ec828c5a51b968951f","kind":"tag","published_at":"2013-02-07T19:22:40.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.7","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.7/manifests"},{"name":"v0.0.6-1","sha":"5b955774fdf96e00546a52a1c5897ecea36f2603","kind":"tag","published_at":"2013-01-03T01:59:36.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.6-1","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.6-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.6-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.6-1/manifests"},{"name":"v0.0.6","sha":"6c48ed99b86c0c7d1edea781d62cca88140d2c85","kind":"tag","published_at":"2012-12-07T21:46:15.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.6","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.6/manifests"},{"name":"v0.0.5","sha":"dd311efa8caace25b0194029b15bf20d31f5fc72","kind":"tag","published_at":"2012-11-20T17:35:56.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.5","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.5/manifests"},{"name":"v0.0.4","sha":"4e727d7417b6453a91b0d82095ab915145b07943","kind":"tag","published_at":"2012-10-01T23:17:06.000Z","download_url":"https://codeload.github.com/hapijs/joi/tar.gz/v0.0.4","html_url":"https://github.com/hapijs/joi/releases/tag/v0.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fjoi/tags/v0.0.4/manifests"}]},"repo_metadata_updated_at":"2025-06-06T05:34:43.191Z","dependent_packages_count":7976,"downloads":51945782,"downloads_period":"last-month","dependent_repos_count":580239,"rankings":{"downloads":0.0399197880582336,"dependent_repos_count":0.04884561172557528,"dependent_packages_count":0.012047123968191211,"stargazers_count":0.6510922908263341,"forks_count":0.9775967301915165,"docker_downloads_count":0.06872336627309078,"average":0.29970415184049026},"purl":"pkg:npm/joi","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/joi","docker_dependents_count":3509,"docker_downloads_count":2129511925,"usage_url":"https://repos.ecosyste.ms/usage/npm/joi","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/joi/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/joi/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/joi/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/joi/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/joi/related_packages","maintainers":[{"uuid":"nlf","login":"nlf","name":null,"email":"quitlahok@gmail.com","url":null,"packages_count":316,"html_url":"https://www.npmjs.com/~nlf","role":null,"created_at":"2022-11-10T11:20:29.482Z","updated_at":"2022-11-10T11:20:29.482Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/nlf/packages"},{"uuid":"marsup","login":"marsup","name":null,"email":"nicolas@morel.io","url":null,"packages_count":170,"html_url":"https://www.npmjs.com/~marsup","role":null,"created_at":"2022-11-10T11:20:29.486Z","updated_at":"2022-11-10T11:20:29.486Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/marsup/packages"},{"uuid":"devinivy","login":"devinivy","name":null,"email":"devin@bigroomstudios.com","url":null,"packages_count":302,"html_url":"https://www.npmjs.com/~devinivy","role":null,"created_at":"2022-11-10T11:20:29.475Z","updated_at":"2022-11-10T11:20:29.475Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/devinivy/packages"},{"uuid":"wyatt","login":"wyatt","name":null,"email":"wpreul@gmail.com","url":null,"packages_count":185,"html_url":"https://www.npmjs.com/~wyatt","role":null,"created_at":"2022-11-10T11:20:29.471Z","updated_at":"2022-11-10T11:20:29.471Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/wyatt/packages"},{"uuid":"nargonath","login":"nargonath","name":null,"email":"jonas.pauthier@gmail.com","url":null,"packages_count":169,"html_url":"https://www.npmjs.com/~nargonath","role":null,"created_at":"2022-11-10T11:20:29.479Z","updated_at":"2022-11-10T11:20:29.479Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/nargonath/packages"},{"uuid":"hueniverse","login":"hueniverse","name":null,"email":"eran@hammer.io","url":null,"packages_count":40,"html_url":"https://www.npmjs.com/~hueniverse","role":null,"created_at":"2022-11-10T11:20:29.490Z","updated_at":"2022-11-10T11:20:29.490Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/hueniverse/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5007760,"maintainers_count":1013018,"namespaces_count":295512,"keywords_count":700181,"github":"npm","metadata":{"funded_packages_count":150239},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-06T05:58:05.971Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":288,"unique_repositories_count_past_30_days":34,"recent_issues":[{"uuid":"4661309391","node_id":"PR_kwDOSLP7l87mV5xj","number":105,"state":"open","title":"chore(deps): bump the api-patch-and-minor group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-15T01:10:42.000Z","updated_at":"2026-06-15T01:10:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"api-patch-and-minor","update_count":19,"packages":[{"name":"@opentelemetry/auto-instrumentations-node","old_version":"0.72.0","new_version":"0.77.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js-contrib"},{"name":"@opentelemetry/exporter-trace-otlp-http","old_version":"0.214.0","new_version":"0.219.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"@opentelemetry/sdk-node","old_version":"0.214.0","new_version":"0.219.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"class-validator","old_version":"0.14.4","new_version":"0.15.1","repository_url":"https://github.com/typestack/class-validator"},{"name":"ioredis","old_version":"5.10.0","new_version":"5.11.1","repository_url":"https://github.com/luin/ioredis"},{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"neo4j-driver","old_version":"6.0.1","new_version":"6.1.0","repository_url":"https://github.com/neo4j/neo4j-javascript-driver"},{"name":"pg","old_version":"8.20.0","new_version":"8.21.0","repository_url":"https://github.com/brianc/node-postgres"},{"name":"tree-sitter","old_version":"0.21.1","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/node-tree-sitter"},{"name":"tree-sitter-go","old_version":"0.21.2","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/tree-sitter-go"},{"name":"tree-sitter-java","old_version":"0.21.0","new_version":"0.23.5","repository_url":"https://github.com/tree-sitter/tree-sitter-java"},{"name":"tree-sitter-javascript","old_version":"0.21.4","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/tree-sitter-javascript"},{"name":"tree-sitter-php","old_version":"0.23.0","new_version":"0.24.2","repository_url":"https://github.com/tree-sitter/tree-sitter-php"},{"name":"tree-sitter-python","old_version":"0.21.0","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/tree-sitter-python"},{"name":"tree-sitter-rust","old_version":"0.21.0","new_version":"0.24.0","repository_url":"https://github.com/tree-sitter/tree-sitter-rust"},{"name":"typeorm","old_version":"0.3.28","new_version":"0.3.30","repository_url":"https://github.com/typeorm/typeorm"},{"name":"@types/node","old_version":"20.19.37","new_version":"20.19.43","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.4","repository_url":"https://github.com/prettier/prettier"},{"name":"ts-jest","old_version":"29.4.6","new_version":"29.4.11","repository_url":"https://github.com/kulshekhar/ts-jest"}],"path":null,"ecosystem":"npm"},"body":"Bumps the api-patch-and-minor group with 19 updates in the /coderover-api directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@opentelemetry/auto-instrumentations-node](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node) | `0.72.0` | `0.77.0` |\n| [@opentelemetry/exporter-trace-otlp-http](https://github.com/open-telemetry/opentelemetry-js) | `0.214.0` | `0.219.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.214.0` | `0.219.0` |\n| [class-validator](https://github.com/typestack/class-validator) | `0.14.4` | `0.15.1` |\n| [ioredis](https://github.com/luin/ioredis) | `5.10.0` | `5.11.1` |\n| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |\n| [neo4j-driver](https://github.com/neo4j/neo4j-javascript-driver) | `6.0.1` | `6.1.0` |\n| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.21.0` |\n| [tree-sitter](https://github.com/tree-sitter/node-tree-sitter) | `0.21.1` | `0.25.0` |\n| [tree-sitter-go](https://github.com/tree-sitter/tree-sitter-go) | `0.21.2` | `0.25.0` |\n| [tree-sitter-java](https://github.com/tree-sitter/tree-sitter-java) | `0.21.0` | `0.23.5` |\n| [tree-sitter-javascript](https://github.com/tree-sitter/tree-sitter-javascript) | `0.21.4` | `0.25.0` |\n| [tree-sitter-php](https://github.com/tree-sitter/tree-sitter-php) | `0.23.0` | `0.24.2` |\n| [tree-sitter-python](https://github.com/tree-sitter/tree-sitter-python) | `0.21.0` | `0.25.0` |\n| [tree-sitter-rust](https://github.com/tree-sitter/tree-sitter-rust) | `0.21.0` | `0.24.0` |\n| [typeorm](https://github.com/typeorm/typeorm) | `0.3.28` | `0.3.30` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.37` | `20.19.43` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.4` |\n| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.11` |\n\n\nUpdates `@opentelemetry/auto-instrumentations-node` from 0.72.0 to 0.77.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/auto-instrumentations-node/CHANGELOG.md\"\u003e@​opentelemetry/auto-instrumentations-node's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/compare/auto-instrumentations-node-v0.76.0...auto-instrumentations-node-v0.77.0\"\u003e0.77.0\u003c/a\u003e (2026-06-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e@​opentelemetry/instrumentation-host-metrics\u003c/code\u003e and integrate into auto-instrumentations-node (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3492\"\u003e#3492\u003c/a\u003e) (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/16bee31051d92e8add717a798c967147a84eb7b6\"\u003e16bee31\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update deps matching '@opentelemetry/*' (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3567\"\u003e#3567\u003c/a\u003e) (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/bd569b54fbdbf4e7bb915c43ff7c6e88ab451738\"\u003ebd569b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe following workspace dependencies were updated\n\u003cul\u003e\n\u003cli\u003edependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-amqplib\u003c/code\u003e bumped from ^0.65.0 to ^0.66.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-aws-lambda\u003c/code\u003e bumped from ^0.70.0 to ^0.71.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-aws-sdk\u003c/code\u003e bumped from ^0.73.0 to ^0.74.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-bunyan\u003c/code\u003e bumped from ^0.63.0 to ^0.64.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-cassandra-driver\u003c/code\u003e bumped from ^0.63.0 to ^0.64.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-connect\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-cucumber\u003c/code\u003e bumped from ^0.34.0 to ^0.35.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-dataloader\u003c/code\u003e bumped from ^0.35.0 to ^0.36.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-dns\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-express\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-fs\u003c/code\u003e bumped from ^0.37.0 to ^0.38.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-generic-pool\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-graphql\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-hapi\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-host-metrics\u003c/code\u003e bumped from ^0.1.0 to ^0.2.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-ioredis\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-kafkajs\u003c/code\u003e bumped from ^0.27.0 to ^0.28.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-knex\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-koa\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-lru-memoizer\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-memcached\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mongodb\u003c/code\u003e bumped from ^0.71.0 to ^0.72.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mongoose\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mysql\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mysql2\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-nestjs-core\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-net\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-openai\u003c/code\u003e bumped from ^0.16.0 to ^0.17.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-oracledb\u003c/code\u003e bumped from ^0.43.0 to ^0.44.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-pg\u003c/code\u003e bumped from ^0.70.0 to ^0.71.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-pino\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-redis\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-restify\u003c/code\u003e bumped from ^0.63.0 to ^0.64.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-router\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-runtime-node\u003c/code\u003e bumped from ^0.31.0 to ^0.32.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-socket\u003c/code\u003e.io bumped from ^0.65.0 to ^0.66.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-tedious\u003c/code\u003e bumped from ^0.37.0 to ^0.38.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/4e52a9053029304f271b7dbe1b07e7fb2b987e30\"\u003e\u003ccode\u003e4e52a90\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3524\"\u003e#3524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/bd569b54fbdbf4e7bb915c43ff7c6e88ab451738\"\u003e\u003ccode\u003ebd569b5\u003c/code\u003e\u003c/a\u003e feat(deps): update deps matching '@opentelemetry/*' (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3567\"\u003e#3567\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/16bee31051d92e8add717a798c967147a84eb7b6\"\u003e\u003ccode\u003e16bee31\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003e@​opentelemetry/instrumentation-host-metrics\u003c/code\u003e and integrate into auto...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/15ef7506553f631ea4181391e0c5725a56f0d082\"\u003e\u003ccode\u003e15ef750\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3508\"\u003e#3508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/e26a90af6e2fb4666b22388b770add7a60140c9b\"\u003e\u003ccode\u003ee26a90a\u003c/code\u003e\u003c/a\u003e feat(deps): update deps matching '@opentelemetry/*' (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3523\"\u003e#3523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commits/auto-instrumentations-node-v0.77.0/packages/auto-instrumentations-node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-trace-otlp-http` from 0.214.0 to 0.219.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-trace-otlp-http's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.219.0\u003c/h2\u003e\n\u003ch2\u003e0.219.0\u003c/h2\u003e\n\u003ch3\u003e:boom: Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration)!: stop removing \u003ccode\u003enull\u003c/code\u003e values from parsed config object \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6679\"\u003e#6679\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIt is now the responsibility of the user of a parsed declarative config object, typically just the \u003ccode\u003esdk-node\u003c/code\u003e package, to handle \u003ccode\u003enull\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix(api-logs)!: Removed \u003ccode\u003eNOOP_LOGGER\u003c/code\u003e and \u003ccode\u003eNoopLogger\u003c/code\u003e exports from \u003ccode\u003e@opentelemetry/api-logs\u003c/code\u003e. Use \u003ccode\u003ecreateNoopLogger(): Logger\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6713\"\u003e#6713\u003c/a\u003e \u003ca href=\"https://github.com/dyladan\"\u003e\u003ccode\u003e@​dyladan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node)!: remove \u003ccode\u003ebuildSamplerFromConfig\u003c/code\u003e export \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6784\"\u003e#6784\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire up metric producers from declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6712\"\u003e#6712\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-logs)!: add support for attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(sdk-node): pass all config properties to log record exporters in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6708\"\u003e#6708\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): warn and ignore zero exporter timeout in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6711\"\u003e#6711\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6705\"\u003e#6705\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-transformer): do not attempt to skip groups \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6704\"\u003e#6704\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-grpc-exporter-base): recreate client after 5 consecutive \u003ccode\u003eDEADLINE_EXCEEDED\u003c/code\u003e to recover from connection dropped deadlock \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6296\"\u003e#6296\u003c/a\u003e \u003ca href=\"https://github.com/afharo\"\u003e\u003ccode\u003e@​afharo\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): use the right semantic convention for user agent resource attribute \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6729\"\u003e#6729\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): user agent resource attribute always \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6754\"\u003e#6754\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6727\"\u003e#6727\u003c/a\u003e \u003ca href=\"https://github.com/cjihrig\"\u003e\u003ccode\u003e@​cjihrig\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-logs): avoid null dereference in \u003ccode\u003eBatchLogRecordProcessor._flushAll\u003c/code\u003e when an in-flight export completes between awaits \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6763\"\u003e#6763\u003c/a\u003e \u003ca href=\"https://github.com/Janealter\"\u003e\u003ccode\u003e@​Janealter\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve environment variable substitution to handle all the cases shown in the spec \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6757\"\u003e#6757\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:books: Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs(otlp-exporter-base): index the package's public API in generated docs so types like \u003ccode\u003eOTLPExporterNodeConfigBase\u003c/code\u003e resolve and link from consumer exporter pages \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6725\"\u003e#6725\u003c/a\u003e \u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6710\"\u003e#6710\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/13a035bc695996cf4aec885fef7b9866f48bc555\"\u003e\u003ccode\u003e13a035b\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6756\"\u003e#6756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/4b13587d1e08b47baf153e5312ccd08a3240d074\"\u003e\u003ccode\u003e4b13587\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/71d195c508320295f1892aaed1ee2f1971ffb470\"\u003e\u003ccode\u003e71d195c\u003c/code\u003e\u003c/a\u003e chore(renovate): set minimumReleaseAge to 3 days (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6792\"\u003e#6792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/555fca6ce94fb8d40a5f869dbd28e43143b4e730\"\u003e\u003ccode\u003e555fca6\u003c/code\u003e\u003c/a\u003e Update renovate.json to use matchManagers (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6141\"\u003e#6141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b711a81d5262904245d70f1857b6f3bc811b22cd\"\u003e\u003ccode\u003eb711a81\u003c/code\u003e\u003c/a\u003e docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/da704029ccd291d65402f3d1c469bd3f25aec047\"\u003e\u003ccode\u003eda70402\u003c/code\u003e\u003c/a\u003e fix(ci): supply-chain sec: disable caching in release-related workflow (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6790\"\u003e#6790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/002267b1c639aac1d2f1d6e5c7ac3ed023109ea0\"\u003e\u003ccode\u003e002267b\u003c/code\u003e\u003c/a\u003e chore: complete the move to the smaller SPDX license header (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6791\"\u003e#6791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/056ef9c4e1ddf9306477b7ce26acc7be489f9c6c\"\u003e\u003ccode\u003e056ef9c\u003c/code\u003e\u003c/a\u003e feat(sdk-metrics): implement metric reader metrics (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6449\"\u003e#6449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/3bd69ce18011f9a16a7231489d9c3acc8294e8d9\"\u003e\u003ccode\u003e3bd69ce\u003c/code\u003e\u003c/a\u003e fix(configuration): improve environment variable substitution to handle all t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/bfbda7c2d90e1686f51cd0fc4d02d785ab9a9cc0\"\u003e\u003ccode\u003ebfbda7c\u003c/code\u003e\u003c/a\u003e docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.214.0...experimental/v0.219.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.214.0 to 0.219.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.219.0\u003c/h2\u003e\n\u003ch2\u003e0.219.0\u003c/h2\u003e\n\u003ch3\u003e:boom: Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration)!: stop removing \u003ccode\u003enull\u003c/code\u003e values from parsed config object \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6679\"\u003e#6679\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIt is now the responsibility of the user of a parsed declarative config object, typically just the \u003ccode\u003esdk-node\u003c/code\u003e package, to handle \u003ccode\u003enull\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix(api-logs)!: Removed \u003ccode\u003eNOOP_LOGGER\u003c/code\u003e and \u003ccode\u003eNoopLogger\u003c/code\u003e exports from \u003ccode\u003e@opentelemetry/api-logs\u003c/code\u003e. Use \u003ccode\u003ecreateNoopLogger(): Logger\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6713\"\u003e#6713\u003c/a\u003e \u003ca href=\"https://github.com/dyladan\"\u003e\u003ccode\u003e@​dyladan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node)!: remove \u003ccode\u003ebuildSamplerFromConfig\u003c/code\u003e export \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6784\"\u003e#6784\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire up metric producers from declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6712\"\u003e#6712\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-logs)!: add support for attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(sdk-node): pass all config properties to log record exporters in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6708\"\u003e#6708\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): warn and ignore zero exporter timeout in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6711\"\u003e#6711\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6705\"\u003e#6705\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-transformer): do not attempt to skip groups \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6704\"\u003e#6704\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-grpc-exporter-base): recreate client after 5 consecutive \u003ccode\u003eDEADLINE_EXCEEDED\u003c/code\u003e to recover from connection dropped deadlock \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6296\"\u003e#6296\u003c/a\u003e \u003ca href=\"https://github.com/afharo\"\u003e\u003ccode\u003e@​afharo\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): use the right semantic convention for user agent resource attribute \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6729\"\u003e#6729\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): user agent resource attribute always \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6754\"\u003e#6754\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6727\"\u003e#6727\u003c/a\u003e \u003ca href=\"https://github.com/cjihrig\"\u003e\u003ccode\u003e@​cjihrig\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-logs): avoid null dereference in \u003ccode\u003eBatchLogRecordProcessor._flushAll\u003c/code\u003e when an in-flight export completes between awaits \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6763\"\u003e#6763\u003c/a\u003e \u003ca href=\"https://github.com/Janealter\"\u003e\u003ccode\u003e@​Janealter\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve environment variable substitution to handle all the cases shown in the spec \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6757\"\u003e#6757\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:books: Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs(otlp-exporter-base): index the package's public API in generated docs so types like \u003ccode\u003eOTLPExporterNodeConfigBase\u003c/code\u003e resolve and link from consumer exporter pages \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6725\"\u003e#6725\u003c/a\u003e \u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6710\"\u003e#6710\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/13a035bc695996cf4aec885fef7b9866f48bc555\"\u003e\u003ccode\u003e13a035b\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6756\"\u003e#6756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/4b13587d1e08b47baf153e5312ccd08a3240d074\"\u003e\u003ccode\u003e4b13587\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/71d195c508320295f1892aaed1ee2f1971ffb470\"\u003e\u003ccode\u003e71d195c\u003c/code\u003e\u003c/a\u003e chore(renovate): set minimumReleaseAge to 3 days (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6792\"\u003e#6792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/555fca6ce94fb8d40a5f869dbd28e43143b4e730\"\u003e\u003ccode\u003e555fca6\u003c/code\u003e\u003c/a\u003e Update renovate.json to use matchManagers (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6141\"\u003e#6141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b711a81d5262904245d70f1857b6f3bc811b22cd\"\u003e\u003ccode\u003eb711a81\u003c/code\u003e\u003c/a\u003e docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/da704029ccd291d65402f3d1c469bd3f25aec047\"\u003e\u003ccode\u003eda70402\u003c/code\u003e\u003c/a\u003e fix(ci): supply-chain sec: disable caching in release-related workflow (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6790\"\u003e#6790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/002267b1c639aac1d2f1d6e5c7ac3ed023109ea0\"\u003e\u003ccode\u003e002267b\u003c/code\u003e\u003c/a\u003e chore: complete the move to the smaller SPDX license header (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6791\"\u003e#6791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/056ef9c4e1ddf9306477b7ce26acc7be489f9c6c\"\u003e\u003ccode\u003e056ef9c\u003c/code\u003e\u003c/a\u003e feat(sdk-metrics): implement metric reader metrics (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6449\"\u003e#6449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/3bd69ce18011f9a16a7231489d9c3acc8294e8d9\"\u003e\u003ccode\u003e3bd69ce\u003c/code\u003e\u003c/a\u003e fix(configuration): improve environment variable substitution to handle all t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/bfbda7c2d90e1686f51cd0fc4d02d785ab9a9cc0\"\u003e\u003ccode\u003ebfbda7c\u003c/code\u003e\u003c/a\u003e docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.214.0...experimental/v0.219.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `class-validator` from 0.14.4 to 0.15.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typestack/class-validator/releases\"\u003eclass-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: publish 0.15.0 for real by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2671\"\u003etypestack/class-validator#2671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: publish 0.15.1 by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2672\"\u003etypestack/class-validator#2672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/typestack/class-validator/compare/v0.15.0...v0.15.1\"\u003ehttps://github.com/typestack/class-validator/compare/v0.15.0...v0.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.15.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add \u003ccode\u003eIsISO31661Numeric\u003c/code\u003e decorator for country codes by \u003ca href=\"https://github.com/RobinvanderVliet\"\u003e\u003ccode\u003e@​RobinvanderVliet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2657\"\u003etypestack/class-validator#2657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: \u003ccode\u003evalidateIf\u003c/code\u003e for validation options by \u003ca href=\"https://github.com/aoi-umi\"\u003e\u003ccode\u003e@​aoi-umi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/1579\"\u003etypestack/class-validator#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: update UUID validation to support versions 1-8, nil, max, and all by \u003ca href=\"https://github.com/PleBea\"\u003e\u003ccode\u003e@​PleBea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2647\"\u003etypestack/class-validator#2647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump vulnerable dependencies by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2669\"\u003etypestack/class-validator#2669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eisISO6391\u003c/code\u003e decorator for language codes by \u003ca href=\"https://github.com/RobinvanderVliet\"\u003e\u003ccode\u003e@​RobinvanderVliet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2626\"\u003etypestack/class-validator#2626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(IsIBAN)!: Add \u003ccode\u003eIsIBANOptions\u003c/code\u003e as argument for \u003ccode\u003eIsIBAN\u003c/code\u003e decorator by \u003ca href=\"https://github.com/LiiaMenke\"\u003e\u003ccode\u003e@​LiiaMenke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2618\"\u003etypestack/class-validator#2618\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix small grammatical error in README.md by \u003ca href=\"https://github.com/igorrocha\"\u003e\u003ccode\u003e@​igorrocha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2596\"\u003etypestack/class-validator#2596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: release 0.15.0 by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2670\"\u003etypestack/class-validator#2670\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RobinvanderVliet\"\u003e\u003ccode\u003e@​RobinvanderVliet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2657\"\u003etypestack/class-validator#2657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aoi-umi\"\u003e\u003ccode\u003e@​aoi-umi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/1579\"\u003etypestack/class-validator#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PleBea\"\u003e\u003ccode\u003e@​PleBea\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2647\"\u003etypestack/class-validator#2647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LiiaMenke\"\u003e\u003ccode\u003e@​LiiaMenke\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2618\"\u003etypestack/class-validator#2618\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/igorrocha\"\u003e\u003ccode\u003e@​igorrocha\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2596\"\u003etypestack/class-validator#2596\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/typestack/class-validator/compare/v0.14.4...v0.15.0\"\u003ehttps://github.com/typestack/class-validator/compare/v0.14.4...v0.15.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typestack/class-validator/blob/develop/CHANGELOG.md\"\u003eclass-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/typestack/class-validator/compare/v0.14.4...v0.15.1\"\u003e0.15.1\u003c/a\u003e (2026-02-26)\u003c/h2\u003e\n\u003ch3\u003eBREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded options argument to IsIBAN validator (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2618\"\u003e#2618\u003c/a\u003e), which breaks any existing usage of this decorator that pass an argument to the decorator, e.g. \u003ccode\u003e@IsIBAN({forbidUnknownValues: false})\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated lockfile to patch vulnerabilities (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2669\"\u003e#2669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a small grammatical error in the docs (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2596\"\u003e#2596\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003evalidateIf\u003c/code\u003e option to all validators, providing a lot more flexibility in using conditional validation (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded IsISO31661Numeric validator for country codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2657\"\u003e#2657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded IsISO6391 validator for language codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2626\"\u003e#2626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded more versions to IsUUID validator options. (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2647\"\u003e#2647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/2e1a5c27dbd65b80e27fe96b49bd6e6641fa3603\"\u003e\u003ccode\u003e2e1a5c2\u003c/code\u003e\u003c/a\u003e chore: publish 0.15.1 (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2672\"\u003e#2672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/737d2a7d7e40e4f4b4e994ad73bffe880bbe8f5c\"\u003e\u003ccode\u003e737d2a7\u003c/code\u003e\u003c/a\u003e chore: publish 0.15.0 (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2671\"\u003e#2671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/8bc5f961cd31c4965e532a7867ed3ed2a90516db\"\u003e\u003ccode\u003e8bc5f96\u003c/code\u003e\u003c/a\u003e chore: release 0.15.0 (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2670\"\u003e#2670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/dc41588b82f83544b58216d111af1bfcf6ddd5a6\"\u003e\u003ccode\u003edc41588\u003c/code\u003e\u003c/a\u003e fix small grammatical error in README.md (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2596\"\u003e#2596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/2c0ff5325852f8f8bdeb30377c13ce7c3aec7328\"\u003e\u003ccode\u003e2c0ff53\u003c/code\u003e\u003c/a\u003e feat(IsIBAN): Add IsIBANOptions as argument for IsIBAN decorator (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2618\"\u003e#2618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/e0eaa02e4afd697a3441d2f92fa23fcf6d38fb9b\"\u003e\u003ccode\u003ee0eaa02\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eisISO6391\u003c/code\u003e decorator for language codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2626\"\u003e#2626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/a8b2f6e8b785cba423af9b9c5654543a188cf1ee\"\u003e\u003ccode\u003ea8b2f6e\u003c/code\u003e\u003c/a\u003e chore: bump vulnerable dependencies (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2669\"\u003e#2669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/35e589d22afc8cf4e65886001c67f6f6e6cf0e90\"\u003e\u003ccode\u003e35e589d\u003c/code\u003e\u003c/a\u003e feat: update UUID validation to support versions 1-8, nil, max, and all (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2647\"\u003e#2647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/042fb5783e2cc4255aa6296f102c348f25a759ca\"\u003e\u003ccode\u003e042fb57\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003evalidateIf\u003c/code\u003e to validation options (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/4fcad7b629b04f4ba343ffb91cbcb9f01a1e2f5a\"\u003e\u003ccode\u003e4fcad7b\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eIsISO31661Numeric\u003c/code\u003e decorator for country codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2657\"\u003e#2657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typestack/class-validator/compare/v0.14.4...v0.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ioredis` from 5.10.0 to 5.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/luin/ioredis/releases\"\u003eioredis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.11.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.11.0...v5.11.1\"\u003e5.11.1\u003c/a\u003e (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e reconnect to nodes that restart without slot changes (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2096\"\u003e#2096\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/c84b2ee97fd7b25d8f6ef8b509c228a602f47cca\"\u003ec84b2ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eparse protocol-relative Redis URLs as TCP connections (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2125\"\u003e#2125\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/131ee24173380b986e62ecc428ddde82be12bc40\"\u003e131ee24\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.11.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.1...v5.11.0\"\u003e5.11.0\u003c/a\u003e (2026-05-26)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent RangeError from string accumulation in pipeline (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2088\"\u003e#2088\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/defc07716a9ef10c2077ec4e23ea48cb9ea731fc\"\u003edefc077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated url.parse() with WHATWG URL API (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2081\"\u003e#2081\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0021a4590e286aabbf27f4e2fc18f9d2de829ef0\"\u003e0021a45\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/redis/ioredis/issues/1747\"\u003eredis/ioredis#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd array commands, typings and tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2114\"\u003e#2114\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/baf68d6d89553672cfac3e08543467b910b561c5\"\u003ebaf68d6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd increx command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2115\"\u003e#2115\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/37d0695b212d865ef24132acff85420ae51dde50\"\u003e37d0695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Redis MSETEX support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2111\"\u003e#2111\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/04a4615e8e96b9c58d017e360b5eaafede8973d0\"\u003e04a4615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd typed GCRA command support and functional tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2094\"\u003e#2094\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/468a8023cd2c8f342ec7c55a01bf0c8d17e4b877\"\u003e468a802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd vector set command support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2116\"\u003e#2116\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/b7b3defbd119d07fb86d071d5eefc255db4920c2\"\u003eb7b3def\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd xnack command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2103\"\u003e#2103\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/187d29b45000ee46a4baa8ce91eacfa04675aee8\"\u003e187d29b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd zinter zunion count (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2104\"\u003e#2104\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0d510bbc1cfc8b01d862b76c408f6687f6e77809\"\u003e0d510bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003eTracingChannel\u003c/code\u003e support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2089\"\u003e#2089\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4760e0a19c194f29f4feb703003dcf046e4509cd\"\u003e4760e0a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.10.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.0...v5.10.1\"\u003e5.10.1\u003c/a\u003e (2026-03-19)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e lazily start sharded subscribers (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2090\"\u003e#2090\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4f167bb9f494f0e8200a20dedd8bbdf1810fcd22\"\u003e4f167bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/redis/ioredis/blob/main/CHANGELOG.md\"\u003eioredis's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.11.0...v5.11.1\"\u003e5.11.1\u003c/a\u003e (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e reconnect to nodes that restart without slot changes (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2096\"\u003e#2096\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/c84b2ee97fd7b25d8f6ef8b509c228a602f47cca\"\u003ec84b2ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eparse protocol-relative Redis URLs as TCP connections (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2125\"\u003e#2125\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/131ee24173380b986e62ecc428ddde82be12bc40\"\u003e131ee24\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.1...v5.11.0\"\u003e5.11.0\u003c/a\u003e (2026-05-26)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent RangeError from string accumulation in pipeline (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2088\"\u003e#2088\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/defc07716a9ef10c2077ec4e23ea48cb9ea731fc\"\u003edefc077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated url.parse() with WHATWG URL API (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2081\"\u003e#2081\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0021a4590e286aabbf27f4e2fc18f9d2de829ef0\"\u003e0021a45\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/redis/ioredis/issues/1747\"\u003eredis/ioredis#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd array commands, typings and tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2114\"\u003e#2114\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/baf68d6d89553672cfac3e08543467b910b561c5\"\u003ebaf68d6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd increx command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2115\"\u003e#2115\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/37d0695b212d865ef24132acff85420ae51dde50\"\u003e37d0695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Redis MSETEX support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2111\"\u003e#2111\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/04a4615e8e96b9c58d017e360b5eaafede8973d0\"\u003e04a4615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd typed GCRA command support and functional tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2094\"\u003e#2094\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/468a8023cd2c8f342ec7c55a01bf0c8d17e4b877\"\u003e468a802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd vector set command support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2116\"\u003e#2116\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/b7b3defbd119d07fb86d071d5eefc255db4920c2\"\u003eb7b3def\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd xnack command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2103\"\u003e#2103\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/187d29b45000ee46a4baa8ce91eacfa04675aee8\"\u003e187d29b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd zinter zunion count (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2104\"\u003e#2104\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0d510bbc1cfc8b01d862b76c408f6687f6e77809\"\u003e0d510bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003eTracingChannel\u003c/code\u003e support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2089\"\u003e#2089\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4760e0a19c194f29f4feb703003dcf046e4509cd\"\u003e4760e0a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.0...v5.10.1\"\u003e5.10.1\u003c/a\u003e (2026-03-19)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e lazily start sharded subscribers (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2090\"\u003e#2090\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4f167bb9f494f0e8200a20dedd8bbdf1810fcd22\"\u003e4f167bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/fb224a7609b6d25959e06e31fdab2460d1f75691\"\u003e\u003ccode\u003efb224a7\u003c/code\u003e\u003c/a\u003e chore(release): 5.11.1 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/131ee24173380b986e62ecc428ddde82be12bc40\"\u003e\u003ccode\u003e131ee24\u003c/code\u003e\u003c/a\u003e fix: parse protocol-relative Redis URLs as TCP connections (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/c84b2ee97fd7b25d8f6ef8b509c228a602f47cca\"\u003e\u003ccode\u003ec84b2ee\u003c/code\u003e\u003c/a\u003e fix(cluster): reconnect to nodes that restart without slot changes (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2096\"\u003e#2096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/14904327fc212d1f592172d776ebe45178fb7ee7\"\u003e\u003ccode\u003e1490432\u003c/code\u003e\u003c/a\u003e chore(release): 5.11.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/5359d4d090c17f2ca1e86d92b139cd935ba4643d\"\u003e\u003ccode\u003e5359d4d\u003c/code\u003e\u003c/a\u003e refactor(utils): inline defaults and isArguments helpers (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/b7b3defbd119d07fb86d071d5eefc255db4920c2\"\u003e\u003ccode\u003eb7b3def\u003c/code\u003e\u003c/a\u003e feat: add vector set command support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2116\"\u003e#2116\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/faa53fdfae7f605c19bd74564639640f9d30d404\"\u003e\u003ccode\u003efaa53fd\u003c/code\u003e\u003c/a\u003e ci: update Node.js and Redis test matrix (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2119\"\u003e#2119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/37d0695b212d865ef24132acff85420ae51dde50\"\u003e\u003ccode\u003e37d0695\u003c/code\u003e\u003c/a\u003e feat: add increx command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/612ee9dfe96c1df942eaa415ca94881077191b5c\"\u003e\u003ccode\u003e612ee9d\u003c/code\u003e\u003c/a\u003e chore: update Redis 8.8 test image to custom (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2118\"\u003e#2118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/baf68d6d89553672cfac3e08543467b910b561c5\"\u003e\u003ccode\u003ebaf68d6\u003c/code\u003e\u003c/a\u003e feat: add array commands, typings and tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.0...v5.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 17.13.3 to 17.13.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `neo4j-driver` from 6.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/releases\"\u003eneo4j-driver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003cp\u003eIntroduces the full, stabilized version of Object Mapping, as well as very simple retries that should make \u003ccode\u003eSession.run()\u003c/code\u003e handle rate-limiting on Aura more gracefully. Alongside a number of minor fixes.\u003c/p\u003e\n\u003ch4\u003e⭐ New Features\u003c/h4\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003eStabilized Record Object Mapping and introduced Parameter Object Mapping. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1362\"\u003e#1362\u003c/a\u003e \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1407\"\u003e#1407\u003c/a\u003e NOTE: A usage guide can be found in the PR description on \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1407\"\u003e#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd single-shot retry for Idempotent errors on \u003ccode\u003eSession.run()\u003c/code\u003e, these will currently only trigger on errors caused by Aura rate-limiting. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🔧 Fixes\u003c/h4\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect TypeScript exports for Record Object Mapping. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1359\"\u003e#1359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove error message for starting work on a busy session. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1363\"\u003e#1363\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix error handling for unexpected errors in Authentication Provider. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1366\"\u003e#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix issue causing SNI deprecation warnings when correcting to an IP. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1369\"\u003e#1369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEagerly send discard on close if connection is waiting to pull more, solves issue related to corner-case missuse that could make the driver release an unclean connection to the pool. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1403\"\u003e#1403\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not mark Result as consumed when \u003ccode\u003eResult.keys()\u003c/code\u003e is awaited. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1402\"\u003e#1402\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🧹 Housekeeping\u003c/h4\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eSession.run()\u003c/code\u003e docs with warnings on the auto-commit nature of the function. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1389\"\u003e#1389\u003c/a\u003e \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1390\"\u003e#1390\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs reference to dbms.setTXMetaData which is renamed to tx.setMetaData.\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1408\"\u003e#1408\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/81f7d820a3020d338a2e74fc5534e7ed9213e9fd\"\u003e\u003ccode\u003e81f7d82\u003c/code\u003e\u003c/a\u003e bump deno to 6.1.0 (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1421\"\u003e#1421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/a06109cbf5625bf31b29c15305d8127f449441bb\"\u003e\u003ccode\u003ea06109c\u003c/code\u003e\u003c/a\u003e Pre-release changes to Object Mapping (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1407\"\u003e#1407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/2595d6792634dac69d8aa5fa1b952e972eec32ae\"\u003e\u003ccode\u003e2595d67\u003c/code\u003e\u003c/a\u003e Update docs reference to dbms.setTXMetaData (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1408\"\u003e#1408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/18c681aee1f2abaa8abb08f9cbb6c5601d37e4fe\"\u003e\u003ccode\u003e18c681a\u003c/code\u003e\u003c/a\u003e Result.close() send discard directly if waiting for more (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1403\"\u003e#1403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/a98f9c5ad7df356031bcd9cc1a0b77989c5b2713\"\u003e\u003ccode\u003ea98f9c5\u003c/code\u003e\u003c/a\u003e Add retries for idempotent errors on Session.run() (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1404\"\u003e#1404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/d88417126800a8d92062f42d474b1fbddc472742\"\u003e\u003ccode\u003ed884171\u003c/code\u003e\u003c/a\u003e Development Dependency updates and tightening security (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1405\"\u003e#1405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/6714eba432cf5817f3ddd0e2ca6a1adab49d6cab\"\u003e\u003ccode\u003e6714eba\u003c/code\u003e\u003c/a\u003e Fix error piping in gulpfile (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1406\"\u003e#1406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/2caa88a624fe7e266abc8d95853d2810bc297786\"\u003e\u003ccode\u003e2caa88a\u003c/code\u003e\u003c/a\u003e Expand Record Object Mapping to allow Parameter Mapping (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1362\"\u003e#1362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/6357e659abb1f2581b7ca1777a0777b046721233\"\u003e\u003ccode\u003e6357e65\u003c/code\u003e\u003c/a\u003e do not add \u0026quot;onCompleted\u0026quot; on keys observer (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1402\"\u003e#1402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/1ec186ae47d989bf247d038a0f9c9960c135111d\"\u003e\u003ccode\u003e1ec186a\u003c/code\u003e\u003c/a\u003e TestKit backend: fix BigInt serialization (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1397\"\u003e#1397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/compare/6.0.1...6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pg` from 8.20.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md\"\u003epg's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epg@8.21.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3521\"\u003eSASL SCRAM\u003c/a\u003e server error responses properly.\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3667\"\u003enode@26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003escramMaxIterations\u003c/code\u003e \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3677\"\u003econfig option\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eclient.getTransactionStatus()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3645\"\u003emethod\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/544b1ce8152bc280e398dc1e8a66920abe6a640e\"\u003e\u003ccode\u003e544b1ce\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/cc03fa5cdf0f1e67b2518ebad5cf2269206aa49c\"\u003e\u003ccode\u003ecc03fa5\u003c/code\u003e\u003c/a\u003e Add scramMaxIterations option to limit SCRAM iteration count (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/f776327b3fcdd997c67e866ef7c620ef9c26b3f2\"\u003e\u003ccode\u003ef776327\u003c/code\u003e\u003c/a\u003e Remove compatibility code for unsupported versions of Node (\u0026lt;16) (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3678\"\u003e#3678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/f252870eba73c15449b57562e6698b5859e32095\"\u003e\u003ccode\u003ef252870\u003c/code\u003e\u003c/a\u003e cleanup: pg utils (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/c8da6ab9326d93005e6947217cf665f707e08ec7\"\u003e\u003ccode\u003ec8da6ab\u003c/code\u003e\u003c/a\u003e Assorted test cleanup (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/fa47e73349786c2a76db98801d60c05371b0a906\"\u003e\u003ccode\u003efa47e73\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003eClient#end\u003c/code\u003e callback being called multiple times when first is no-op (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/88a7e60c7191ce8061d6276b299895bf5511e042\"\u003e\u003ccode\u003e88a7e60\u003c/code\u003e\u003c/a\u003e cleanup: Move declaration to more natural place\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/2095247a7b10ebe19cd7d518e07ee2f259dda70a\"\u003e\u003ccode\u003e2095247\u003c/code\u003e\u003c/a\u003e cleanup: Combine duplicated code in \u003ccode\u003eClient#query\u003c/code\u003e and avoid unneeded early n...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/0ac3eddef6481f4e4f9359c65d3c0cfd7d2124e1\"\u003e\u003ccode\u003e0ac3edd\u003c/code\u003e\u003c/a\u003e fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/be880d45552269f0b847a3e568014bde6536eae3\"\u003e\u003ccode\u003ebe880d4\u003c/code\u003e\u003c/a\u003e Assorted test fixes and cleanup (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter` from 0.21.1 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/releases\"\u003etree-sitter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.22.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/compare/v0.22.3...v0.22.4\"\u003ehttps://github.com/tree-sitter/node-tree-sitter/compare/v0.22.3...v0.22.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/3343ab8cf99540caf792eb69a29c243defffa983\"\u003e\u003ccode\u003e3343ab8\u003c/code\u003e\u003c/a\u003e 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/6d718f90e901e5a4120368ad7e1fa09ded76ce53\"\u003e\u003ccode\u003e6d718f9\u003c/code\u003e\u003c/a\u003e Bump core lib to 0.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/8ff5c15c1fb521a42b192f0139ed8e7b5bc67ed9\"\u003e\u003ccode\u003e8ff5c15\u003c/code\u003e\u003c/a\u003e chore: update \u003ccode\u003eFUNDING.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/558bfd4c509332ff1e749dbbe76fd65501342bf0\"\u003e\u003ccode\u003e558bfd4\u003c/code\u003e\u003c/a\u003e chore: add \u003ccode\u003eFUNDING.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/483e1853edd4e3e228dd0b0b3196d7cb85a4b093\"\u003e\u003ccode\u003e483e185\u003c/code\u003e\u003c/a\u003e 0.22.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/733a096d6a3bf5750f3f80414f1742289d99fa6c\"\u003e\u003ccode\u003e733a096\u003c/code\u003e\u003c/a\u003e ci(publish): ensure filenames are unique\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/fe9facc48f27ac0f567409e9bce62fe92d3c184e\"\u003e\u003ccode\u003efe9facc\u003c/code\u003e\u003c/a\u003e 0.22.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/8fdbb4cf91aa456ca96d82cad8d56d86e86b559d\"\u003e\u003ccode\u003e8fdbb4c\u003c/code\u003e\u003c/a\u003e ci(publish): correct gh release step\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/424fb657c6db5776008a545ff9b0e0db7714d3a3\"\u003e\u003ccode\u003e424fb65\u003c/code\u003e\u003c/a\u003e docs(readme): fix docs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/e1c57810b91efc6caa6feab1fef62a16c011ee99\"\u003e\u003ccode\u003ee1c5781\u003c/code\u003e\u003c/a\u003e 0.22.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/compare/v0.21.1...v0.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter-go` from 0.21.2 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/releases\"\u003etree-sitter-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.gz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/1547678a9da59885853f5f5cc8a99cc203fa2e2c\"\u003e\u003ccode\u003e1547678\u003c/code\u003e\u003c/a\u003e 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/3f912e94d24fe884d3cfbacf47dd764bdf7aa67f\"\u003e\u003ccode\u003e3f912e9\u003c/code\u003e\u003c/a\u003e chore: generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/179ca03b3ac7da8ed7466fc4a8b6b445c3c968da\"\u003e\u003ccode\u003e179ca03\u003c/code\u003e\u003c/a\u003e feat: expose statement list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/e25214e92f1e997940a3bd2f3ced2a2ddf7f027f\"\u003e\u003ccode\u003ee25214e\u003c/code\u003e\u003c/a\u003e fix: allow the terminator to be omitted for the last element\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/edea6bf2824e0426277562da521aa07afc814af8\"\u003e\u003ccode\u003eedea6bf\u003c/code\u003e\u003c/a\u003e fix: give index expressions a dynamic precedence of 1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/e1076e566acfa8c1d268f64b3bad27b6d42c52d0\"\u003e\u003ccode\u003ee1076e5\u003c/code\u003e\u003c/a\u003e feat: support generic type aliases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/00a299e703431dfa07680f4e55e260bfc9a4c875\"\u003e\u003ccode\u003e00a299e\u003c/code\u003e\u003c/a\u003e ci: update test failures, use macos-15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/93c2bb6ff269013aea1c5f7f0957881197a9adac\"\u003e\u003ccode\u003e93c2bb6\u003c/code\u003e\u003c/a\u003e build: update bindings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/1496eb74bfd2c5e7c26d6fc711d5135741e5a1fa\"\u003e\u003ccode\u003e1496eb7\u003c/code\u003e\u003c/a\u003e feat: use the new reserved rules api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/c350fa54d38af725c40d061a602ee3205ef1e072\"\u003e\u003ccode\u003ec350fa5\u003c/code\u003e\u003c/a\u003e ci: bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/compare/v0.21.2...v0.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter-java` from 0.21.0 to 0.23.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/releases\"\u003etree-sitter-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.23.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-java.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-java.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-java.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/94703d5a6bed02b98e438d7cad1136c01a60ba2c\"\u003e\u003ccode\u003e94703d5\u003c/code\u003e\u003c/a\u003e 0.23.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/de816732671830873ee52a91998a0febb603e012\"\u003e\u003ccode\u003ede81673\u003c/code\u003e\u003c/a\u003e chore: generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/488557612b44bde9c5e8c3011138992a8e500c90\"\u003e\u003ccode\u003e4885576\u003c/code\u003e\u003c/a\u003e feat: allow reserved identifiers in \u003ccode\u003eelement_value_pair\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/24a58d8aab267e082fcead83c8c54056dd340060\"\u003e\u003ccode\u003e24a58d8\u003c/code\u003e\u003c/a\u003e fix: correct floating point literal parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/33a3868b15007ffd33aa66ab3f46da879db49a12\"\u003e\u003ccode\u003e33a3868\u003c/code\u003e\u003c/a\u003e fix: allow annotations after the \u003ccode\u003eellipsis\u003c/code\u003e in a spread parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/e75fda28779a11d4da5a878c795de8e520e7c9c2\"\u003e\u003ccode\u003ee75fda2\u003c/code\u003e\u003c/a\u003e fix: give \u003ccode\u003eyield\u003c/code\u003e in \u003ccode\u003e_reserved_identifier\u003c/code\u003e a precedence of 0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/04a649d1a0c40e53f946677463d7d8c4e8d6d0db\"\u003e\u003ccode\u003e04a649d\u003c/code\u003e\u003c/a\u003e feat(highlights): add more keywords\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/a1bbe92a6370bb4c15386735fbda12f2b812a923\"\u003e\u003ccode\u003ea1bbe92\u003c/code\u003e\u003c/a\u003e 0.23.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/875834dc197380a1d6a02423a7dbfce566c112d8\"\u003e\u003ccode\u003e875834d\u003c/code\u003e\u003c/a\u003e ci(publish): add attestations and generate parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/68dd78169aa15424d1b595d203beb14c0c6fd65b\"\u003e\u003ccode\u003e68dd781\u003c/code\u003e\u003c/a\u003e ci: bump tree-sitter/setup-action from 1 to 2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/compare/v0.21.0...v0.23.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter-javascript` from 0.21.4 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/releases\"\u003etree-sitter-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-javascript.tar.gz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-javascript.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/44c892e0be055ac465d5eeddae6d3e194424e7de\"\u003e\u003ccode\u003e44c892e\u003c/code\u003e\u003c/a\u003e 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/5f100b023ecbae8cfe304bfe661a4116d457ee63\"\u003e\u003ccode\u003e5f100b0\u003c/code\u003e\u003c/a\u003e docs: clarify targeted ECMAScript version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/2409583e3710cb9eaa3e7556ab2d4e4c6b37885b\"\u003e\u003ccode\u003e2409583\u003c/code\u003e\u003c/a\u003e chore: generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/39798e26b6d4dbcee8e522b8db83f8b2df33a5ea\"\u003e\u003ccode\u003e39798e2\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eawait\u003c/code\u003e to reserved ident...\n\n_Description has been truncated_","html_url":"https://github.com/MUST-Company-AX-Booster/coderover/pull/105","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MUST-Company-AX-Booster%2Fcoderover/issues/105","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/105/packages"},{"uuid":"4661023227","node_id":"PR_kwDOS6xlaM7mVA_I","number":7,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T23:37:38.000Z","updated_at":"2026-06-14T23:41:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":5,"packages":[{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"ws","old_version":"8.20.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"protobufjs","old_version":"7.5.6","new_version":"7.6.4","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the /ui-tui/packages/hermes-ink directory: [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 3 updates in the /scripts/whatsapp-bridge directory: [qs](https://github.com/ljharb/qs), [ws](https://github.com/websockets/ws) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 2 updates in the / directory: [joi](https://github.com/hapijs/joi) and [esbuild](https://github.com/evanw/esbuild).\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.20.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/websockets/ws/compare/8.20.0...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.6 to 7.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.4/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f8f64efbfc5b52997beb7549e7ea722704320cb1\"\u003e\u003ccode\u003ef8f64ef\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2330\"\u003e#2330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e\u003ccode\u003e574f761\u003c/code\u003e\u003c/a\u003e fix: Reconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e\u003ccode\u003e06ddd07\u003c/code\u003e\u003c/a\u003e fix: Remove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1d3796d7d29830c73eec792ccbe769be6aa020ac\"\u003e\u003ccode\u003e1d3796d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2317\"\u003e#2317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003e\u003ccode\u003edf91652\u003c/code\u003e\u003c/a\u003e fix: Preserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e\u003ccode\u003e78a9576\u003c/code\u003e\u003c/a\u003e fix: Avoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ec90ef9ccc30fffe6ea9ea37e45781071898229d\"\u003e\u003ccode\u003eec90ef9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2295\"\u003e#2295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003e\u003ccode\u003ea92f72e\u003c/code\u003e\u003c/a\u003e fix: Backport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d\"\u003e\u003ccode\u003ef0b50d2\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2268\"\u003e#2268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e\u003ccode\u003e8a45c13\u003c/code\u003e\u003c/a\u003e fix: Backport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xegheplimo-web/hermes-agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/xegheplimo-web/hermes-agent/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/xegheplimo-web%2Fhermes-agent/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4654358587","node_id":"PR_kwDOSSu8zc7mA-AI","number":20,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4 in /website","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T04:32:05.000Z","updated_at":"2026-06-13T04:34:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":"/website","ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/WEeziel172/fjorm/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/WEeziel172/fjorm/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/WEeziel172%2Ffjorm/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"4654286353","node_id":"PR_kwDOPMRea87mAwK5","number":43,"state":"closed","title":"Bump the npm_and_yarn group across 2 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-14T05:10:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T04:05:14.000Z","updated_at":"2026-06-14T05:10:27.000Z","time_to_close":90311,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":15,"packages":[{"name":"svelte","old_version":"5.28.2","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"vitest","old_version":"3.2.4","new_version":"3.2.6","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"ws","old_version":"8.18.1","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"next","old_version":"15.3.1","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.9","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"axios","old_version":"1.9.0","new_version":"1.17.0","repository_url":"https://github.com/axios/axios"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"js-cookie","old_version":"3.0.5","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"shell-quote","old_version":"1.8.2","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 13 updates in the /code directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.28.2` | `5.55.7` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `3.2.6` |\n| [ws](https://github.com/websockets/ws) | `8.18.1` | `8.20.1` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [next](https://github.com/vercel/next.js) | `15.3.1` | `15.5.18` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.6` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.17.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.8` |\n| [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.2` | `1.8.4` |\n\nBumps the npm_and_yarn group with 7 updates in the /scripts directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `3.2.6` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.17.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.25.0` | `3.36.0` |\n\n\nUpdates `svelte` from 5.28.2 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 3.2.4 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePin last supported vite-node version  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d05\"\u003e\u003c!-- raw HTML omitted --\u003e(16f12)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.5...v3.2.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10445\"\u003evitest-dev/vitest#10445\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d\"\u003e\u003c!-- raw HTML omitted --\u003e(af88b)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10456\"\u003evitest-dev/vitest#10456\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd\"\u003e\u003c!-- raw HTML omitted --\u003e(385a1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.4...v3.2.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/b6d56f8171ae814ee7571df63a35a0da5203dbaa\"\u003e\u003ccode\u003eb6d56f8\u003c/code\u003e\u003c/a\u003e chore: release v3.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d0585677f6a32bcb3dd01fa61c140e2588\"\u003e\u003ccode\u003e16f120d\u003c/code\u003e\u003c/a\u003e fix: pin last supported vite-node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/2cbad0a923c48c6144266df3cd25f93547cb5221\"\u003e\u003ccode\u003e2cbad0a\u003c/code\u003e\u003c/a\u003e chore: release v3.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd4c2bfa5e7d58bf7c6834c929969f2c7\"\u003e\u003ccode\u003e385a1ae\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d82844a4761ea9a977156c98e2b14ca8\"\u003e\u003ccode\u003eaf88b1f\u003c/code\u003e\u003c/a\u003e feat(api): add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.1 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.1...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.3 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.3.1 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.3.1...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.3 to 0.2.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.9.0 to 1.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.17.0 — June 1, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfig Hardening:\u003c/strong\u003e Guarded \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003eparams\u003c/code\u003e, and \u003ccode\u003eparamsSerializer\u003c/code\u003e reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease Publishing:\u003c/strong\u003e Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10926\"\u003e#10926\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Compression:\u003c/strong\u003e Added Node HTTP adapter support for zstd response decompression, with \u003ccode\u003etransitional.advertiseZstdAcceptEncoding\u003c/code\u003e controlling whether \u003ccode\u003ezstd\u003c/code\u003e is advertised in \u003ccode\u003eAccept-Encoding\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10920\"\u003e#10920\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAuthentication Handling:\u003c/strong\u003e Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy TLS:\u003c/strong\u003e Preserved user \u003ccode\u003ehttpsAgent\u003c/code\u003e TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10957\"\u003e#10957\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native FormData:\u003c/strong\u003e Cleared default \u003ccode\u003eContent-Type\u003c/code\u003e for React Native \u003ccode\u003eFormData\u003c/code\u003e so multipart boundaries can be generated correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10898\"\u003e#10898\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10875\"\u003e#10875\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Data Merging:\u003c/strong\u003e Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBundler Compatibility:\u003c/strong\u003e Converted \u003ccode\u003eresolveConfig\u003c/code\u003e from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Corrected \u003ccode\u003eAxiosHeaders.toJSON()\u003c/code\u003e return types and updated CommonJS \u003ccode\u003eisCancel\u003c/code\u003e typings to narrow to \u003ccode\u003eCanceledError\u0026lt;T\u0026gt;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10956\"\u003e#10956\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10952\"\u003e#10952\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBuild Tooling:\u003c/strong\u003e Avoided emitting a null \u003ccode\u003eAuthorization\u003c/code\u003e header from the GitHub build helper when \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e is unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 Internals:\u003c/strong\u003e Extracted \u003ccode\u003eHttp2Sessions\u003c/code\u003e into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePackage Publishing:\u003c/strong\u003e Reduced published package size by switching to a \u003ccode\u003efiles\u003c/code\u003e allowlist and dropping unneeded unminified bundle source maps. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI and Release Automation:\u003c/strong\u003e Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10907\"\u003e#10907\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10911\"\u003e#10911\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10916\"\u003e#10916\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10927\"\u003e#10927\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10935\"\u003e#10935\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10983\"\u003e#10983\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeveloper Workflow:\u003c/strong\u003e Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10925\"\u003e#10925\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10914\"\u003e#10914\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10958\"\u003e#10958\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation and Policy:\u003c/strong\u003e Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10890\"\u003e#10890\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10889\"\u003e#10889\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10921\"\u003e#10921\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10945\"\u003e#10945\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10933\"\u003e#10933\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10915\"\u003e#10915\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10887\"\u003e#10887\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10955\"\u003e#10955\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, \u003ccode\u003efs-extra\u003c/code\u003e, \u003ccode\u003eqs\u003c/code\u003e, docs dependencies, and GitHub Actions dependencies including \u003ccode\u003eactions/dependency-review-action\u003c/code\u003e and \u003ccode\u003ezizmorcore/zizmor-action\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10871\"\u003e#10871\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10879\"\u003e#10879\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10918\"\u003e#10918\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10919\"\u003e#10919\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10934\"\u003e#10934\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10947\"\u003e#10947\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10954\"\u003e#10954\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10960\"\u003e#10960\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/BasixKOR\"\u003e\u003ccode\u003e@​BasixKOR\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/carladams1299-lab\"\u003e\u003ccode\u003e@​carladams1299-lab\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/LaplaceYoung\"\u003e\u003ccode\u003e@​LaplaceYoung\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/JamieMagee\"\u003e\u003ccode\u003e@​JamieMagee\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/RonGamzu\"\u003e\u003ccode\u003e@​RonGamzu\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sapirbaruch\"\u003e\u003ccode\u003e@​sapirbaruch\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nezukoagent\"\u003e\u003ccode\u003e@​nezukoagent\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Mohammad-Faiz-Cloud-Engineer\"\u003e\u003ccode\u003e@​Mohammad-Faiz-Cloud-Engineer\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/azandabot\"\u003e\u003ccode\u003e@​azandabot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/niksy\"\u003e\u003ccode\u003e@​niksy\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.1...v1.17.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.17.0 — June 1, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfig Hardening:\u003c/strong\u003e Guarded \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003eparams\u003c/code\u003e, and \u003ccode\u003eparamsSerializer\u003c/code\u003e reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease Publishing:\u003c/strong\u003e Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10926\"\u003e#10926\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Compression:\u003c/strong\u003e Added Node HTTP adapter support for zstd response decompression, with \u003ccode\u003etransitional.advertiseZstdAcceptEncoding\u003c/code\u003e controlling whether \u003ccode\u003ezstd\u003c/code\u003e is advertised in \u003ccode\u003eAccept-Encoding\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10920\"\u003e#10920\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAuthentication Handling:\u003c/strong\u003e Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy TLS:\u003c/strong\u003e Preserved user \u003ccode\u003ehttpsAgent\u003c/code\u003e TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10957\"\u003e#10957\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native FormData:\u003c/strong\u003e Cleared default \u003ccode\u003eContent-Type\u003c/code\u003e for React Native \u003ccode\u003eFormData\u003c/code\u003e so multipart boundaries can be generated correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10898\"\u003e#10898\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10875\"\u003e#10875\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Data Merging:\u003c/strong\u003e Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBundler Compatibility:\u003c/strong\u003e Converted \u003ccode\u003eresolveConfig\u003c/code\u003e from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Corrected \u003ccode\u003eAxiosHeaders.toJSON()\u003c/code\u003e return types and updated CommonJS \u003ccode\u003eisCancel\u003c/code\u003e typings to narrow to \u003ccode\u003eCanceledError\u0026lt;T\u0026gt;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10956\"\u003e#10956\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10952\"\u003e#10952\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBuild Tooling:\u003c/strong\u003e Avoided emitting a null \u003ccode\u003eAuthorization\u003c/code\u003e header from the GitHub build helper when \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e is unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 Internals:\u003c/strong\u003e Extracted \u003ccode\u003eHttp2Sessions\u003c/code\u003e into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePackage Publishing:\u003c/strong\u003e Reduced published package size by switching to a \u003ccode\u003efiles\u003c/code\u003e allowlist and dropping unneeded unminified bundle source maps. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI and Release Automation:\u003c/strong\u003e Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10907\"\u003e#10907\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10911\"\u003e#10911\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10916\"\u003e#10916\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10927\"\u003e#10927\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10935\"\u003e#10935\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10983\"\u003e#10983\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeveloper Workflow:\u003c/strong\u003e Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10925\"\u003e#10925\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10914\"\u003e#10914\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10958\"\u003e#10958\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation and Policy:\u003c/strong\u003e Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10890\"\u003e#10890\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10889\"\u003e#10889\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10921\"\u003e#10921\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10945\"\u003e#10945\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10933\"\u003e#10933\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10915\"\u003e#10915\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10887\"\u003e#10887\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10955\"\u003e#10955\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, \u003ccode\u003efs-extra\u003c/code\u003e, \u003ccode\u003eqs\u003c/code\u003e, docs dependencies, and GitHub Actions dependencies including \u003ccode\u003eactions/dependency-review-action\u003c/code\u003e and \u003ccode\u003ezizmorcore/zizmor-action\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10871\"\u003e#10871\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10879\"\u003e#10879\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10918\"\u003e#10918\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10919\"\u003e#10919\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10934\"\u003e#10934\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10947\"\u003e#10947\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10954\"\u003e#10954\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10960\"\u003e#10960\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/BasixKOR\"\u003e\u003ccode\u003e@​BasixKOR\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/carladams1299-lab\"\u003e\u003ccode\u003e@​carladams1299-lab\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/LaplaceYoung\"\u003e\u003ccode\u003e@​LaplaceYoung\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/JamieMagee\"\u003e\u003ccode\u003e@​JamieMagee\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/RonGamzu\"\u003e\u003ccode\u003e@​RonGamzu\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sapirbaruch\"\u003e\u003ccode\u003e@​sapirbaruch\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nezukoagent\"\u003e\u003ccode\u003e@​nezukoagent\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Mohammad-Faiz-Cloud-Engineer\"\u003e\u003ccode\u003e@​Mohammad-Faiz-Cloud-Engineer\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/azandabot\"\u003e\u003ccode\u003e@​azandabot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/niksy\"\u003e\u003ccode\u003e@​niksy\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.1...v1.17.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4306df21e84332fc576e98c2de549347c06bfb76\"\u003e\u003ccode\u003e4306df2\u003c/code\u003e\u003c/a\u003e chore: add fun 88 sponsorship\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/931cc8f0106db4c9885403f85364b9e09ae1f6dc\"\u003e\u003ccode\u003e931cc8f\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.17.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10983\"\u003e#10983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/38ba1b3d2b0aa5ada0463a37a548feb83a84dfa1\"\u003e\u003ccode\u003e38ba1b3\u003c/code\u003e\u003c/a\u003e fix(fetch): support basic auth from URL (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/32e2515f1e09b649723e4acd89d920df13eee77e\"\u003e\u003ccode\u003e32e2515\u003c/code\u003e\u003c/a\u003e fix: replace ternary side effect in script (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/030e7223831b0f562af3eb7501b24242c8a4c5ba\"\u003e\u003ccode\u003e030e722\u003c/code\u003e\u003c/a\u003e chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10960\"\u003e#10960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ec63164ac6b7a1fcd6b742a8628d3fffe23ce001\"\u003e\u003ccode\u003eec63164\u003c/code\u003e\u003c/a\u003e chore: remove openspec (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10958\"\u003e#10958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3dec28f94ce29d396d5f2d9718805b47428dc7ab\"\u003e\u003ccode\u003e3dec28f\u003c/code\u003e\u003c/a\u003e fix(http): preserve TLS options for proxy tunnels (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10957\"\u003e#10957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a2390a5c059342bcac2a5297728181dd9939f562\"\u003e\u003ccode\u003ea2390a5\u003c/code\u003e\u003c/a\u003e fix: correct isCancel type to narrow to CanceledError\u0026lt;T\u0026gt; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10952\"\u003e#10952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fa01b9255d71e72599826428bc6c60f34994c6ce\"\u003e\u003ccode\u003efa01b92\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10954\"\u003e#10954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2d2314a1ac29ce6723eb53e130b4a36617fd201c\"\u003e\u003ccode\u003e2d2314a\u003c/code\u003e\u003c/a\u003e fix: AxiosHeaders \u003ccode\u003etoJSON()\u003c/code\u003e return types (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10956\"\u003e#10956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.9.0...v1.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your cu...\n\n_Description has been truncated_","html_url":"https://github.com/XavierMP14/storybook/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/XavierMP14%2Fstorybook/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"},{"uuid":"4654283184","node_id":"PR_kwDOOmh4pc7mAvnF","number":59,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T04:04:12.000Z","updated_at":"2026-06-13T04:04:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dustin4444/ecosystem/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/Dustin4444/ecosystem/59)\n\u003c!-- Reviewable:end --\u003e\n","html_url":"https://github.com/Dustin4444/ecosystem/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dustin4444%2Fecosystem/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"},{"uuid":"4654265962","node_id":"PR_kwDOPtV_vM7mAsGw","number":3053,"state":"closed","title":"build(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-13T05:44:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T03:58:41.000Z","updated_at":"2026-06-13T05:44:58.000Z","time_to_close":6368,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-mercato/open-mercato/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/open-mercato/open-mercato/pull/3053","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-mercato%2Fopen-mercato/issues/3053","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3053/packages"},{"uuid":"4654251340","node_id":"PR_kwDOQOf95c7mApFg","number":28,"state":"open","title":"Bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T03:53:57.000Z","updated_at":"2026-06-13T03:54:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alialobidm/account-kit-expo-quickstart/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alialobidm/account-kit-expo-quickstart/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alialobidm%2Faccount-kit-expo-quickstart/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"},{"uuid":"4654116703","node_id":"PR_kwDOKJkRzc7mANf2","number":208,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-13T06:23:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T03:13:23.000Z","updated_at":"2026-06-13T06:23:32.000Z","time_to_close":11400,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":4,"packages":[{"name":"turbo","old_version":"1.13.4","new_version":"2.9.14","repository_url":"https://github.com/vercel/turborepo"},{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"vm2","old_version":"3.11.3","new_version":"3.11.5","repository_url":"https://github.com/patriksimek/vm2"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the / directory: [turbo](https://github.com/vercel/turborepo), [joi](https://github.com/hapijs/joi), [shell-quote](https://github.com/ljharb/shell-quote) and [vm2](https://github.com/patriksimek/vm2).\n\nUpdates `turbo` from 1.13.4 to 2.9.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/releases\"\u003eturbo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTurborepo v2.9.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains important security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eHigh:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm\"\u003eGHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLow:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r\"\u003eGHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726\"\u003eGHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Release 2.9.13 by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12803\"\u003evercel/turborepo#12803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\"\u003ehttps://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eTurborepo v2.9.13-canary.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.11-canary.7 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12768\"\u003evercel/turborepo#12768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow \u003ccode\u003e$TURBO_EXTENDS$\u003c/code\u003e in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12770\"\u003evercel/turborepo#12770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.11 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12771\"\u003evercel/turborepo#12771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow transit nodes in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12773\"\u003evercel/turborepo#12773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/blob/main/RELEASE.md\"\u003eturbo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Documentation\u003c/h1\u003e\n\u003ch2\u003eQuick Start\u003c/h2\u003e\n\u003ch3\u003eAutomated Canary Releases\u003c/h3\u003e\n\u003cp\u003eCanary releases run on an hourly schedule via the [Release workflow][1]:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eRuns every hour via cron, skipping if no relevant files (\u003ccode\u003ecrates/\u003c/code\u003e, \u003ccode\u003epackages/\u003c/code\u003e, \u003ccode\u003ecli/\u003c/code\u003e) changed since the last canary tag\u003c/li\u003e\n\u003cli\u003eSkips if the latest commit is a release PR merge (to avoid releasing the version bump itself)\u003c/li\u003e\n\u003cli\u003ePublishes to npm with the \u003ccode\u003ecanary\u003c/code\u003e tag\u003c/li\u003e\n\u003cli\u003eOpens a PR with auto-merge enabled to merge the version bump back to \u003ccode\u003emain\u003c/code\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eNo manual intervention required for canary releases.\u003c/p\u003e\n\u003ch3\u003eManual Releases (Stable/Custom)\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eCreate a release by triggering the [Turborepo Release][1] workflow\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFor stable releases, use \u003ccode\u003epatch\u003c/code\u003e, \u003ccode\u003eminor\u003c/code\u003e, or \u003ccode\u003emajor\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFor custom pre-releases, use \u003ccode\u003eprepatch\u003c/code\u003e, \u003ccode\u003epreminor\u003c/code\u003e, or \u003ccode\u003epremajor\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCheck the \u0026quot;Dry Run\u0026quot; box to test the workflow without publishing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA PR is automatically opened to merge the release branch back into \u003ccode\u003emain\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMerge this promptly to avoid conflicts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3\u003eRelease \u003ccode\u003e@turbo/repository\u003c/code\u003e\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eRun [\u003ccode\u003ebump-version.sh\u003c/code\u003e][4] to update the versions of the packages. Merge in the changes to \u003ccode\u003emain\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCreate a release by triggering the [Turborepo Library Release][5] workflow.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCheck the \u0026quot;Dry Run\u0026quot; box to run the full release workflow without publishing any packages.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3\u003eNotes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Release Notes are published automatically using the config from [\u003ccode\u003eturborepo-release.yml\u003c/code\u003e][2],\ntriggered by the [\u003ccode\u003eturbo-orchestrator\u003c/code\u003e][3] bot.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eTurborepo CLI Release Process - In-Depth Guide\u003c/h2\u003e\n\u003cp\u003eThis section provides comprehensive documentation on how the Turborepo CLI is released, including the architecture, workflows, and detailed step-by-step processes.\u003c/p\u003e\n\u003ch3\u003eTable of Contents\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#architecture-overview\"\u003eArchitecture Overview\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#automated-canary-releases\"\u003eAutomated Canary Releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#version-management\"\u003eVersion Management\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#release-workflow-stages\"\u003eRelease Workflow Stages\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#packages-released\"\u003ePackages Released\u003c/a\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fc62fe0d9c347d1d24f0ed8946284856593ddb93\"\u003e\u003ccode\u003efc62fe0\u003c/code\u003e\u003c/a\u003e publish 2.9.14 to registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fb8c9aec0f9e83f95783659a5ce9c4478cf62cb9\"\u003e\u003ccode\u003efb8c9ae\u003c/code\u003e\u003c/a\u003e chore: Release 2.9.13 (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12803\"\u003e#12803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/e8e629da4e1fb75231089e91b19be9d327a3e649\"\u003e\u003ccode\u003ee8e629d\u003c/code\u003e\u003c/a\u003e fix: Avoid project-local Yarn during detection (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12801\"\u003e#12801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/91c90cbf12f524c5c29b713d6472dd5fcdecb309\"\u003e\u003ccode\u003e91c90cb\u003c/code\u003e\u003c/a\u003e fix: Harden VS Code extension command execution (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12800\"\u003e#12800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/84f450894e87da1eed864d51f6f637f26980d560\"\u003e\u003ccode\u003e84f4508\u003c/code\u003e\u003c/a\u003e fix: Validate auth callback state (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12802\"\u003e#12802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/1779ad7901384f106236a6e196059e4929745514\"\u003e\u003ccode\u003e1779ad7\u003c/code\u003e\u003c/a\u003e Removed unneeded import form hash creation script in docs (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12799\"\u003e#12799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/71f8c90a807ffb9b9876ea8a04f523f473bf5c8d\"\u003e\u003ccode\u003e71f8c90\u003c/code\u003e\u003c/a\u003e test: Validate lockfiles without dependency downloads (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12789\"\u003e#12789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/5fcb96024d503127bb0ed760ebe159b7716c52b3\"\u003e\u003ccode\u003e5fcb960\u003c/code\u003e\u003c/a\u003e ci: Scope GitHub Actions caches by branch (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12788\"\u003e#12788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/4cf9fabc9a6f6c99fe4e2f2da9f35be631be062a\"\u003e\u003ccode\u003e4cf9fab\u003c/code\u003e\u003c/a\u003e ci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12787\"\u003e#12787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/859c629bc401f239ac7980a132746ca90478e17c\"\u003e\u003ccode\u003e859c629\u003c/code\u003e\u003c/a\u003e fix: Restore docs mobile menu (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12782\"\u003e#12782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/turborepo/compare/v1.13.4...v2.9.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for turbo since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 17.13.3 to 17.13.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vm2` from 3.11.3 to 3.11.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/releases\"\u003evm2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.11.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — Restore \u003ccode\u003eutil.inspect\u003c/code\u003e output on Node 26+. \u003ccode\u003econsole.log(vm.run(...))\u003c/code\u003e was rendering as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e / \u003ccode\u003eProxy(Proxy([]))\u003c/code\u003e instead of the underlying value. Triggered by Node 26's stricter handling of nested proxies in the inspector.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Restore array iteration on \u003ccode\u003evm.freeze()\u003c/code\u003e'd host arrays. Calling \u003ccode\u003e.map()\u003c/code\u003e / \u003ccode\u003e.filter()\u003c/code\u003e / \u003ccode\u003e.forEach()\u003c/code\u003e etc. inside the sandbox on a frozen host object containing arrays threw\n\u003ccode\u003eTypeError: 'isExtensible' on proxy: trap result does not reflect extensibility of proxy target\u003c/code\u003e. Regression from the 3.11.0 proxy-invariant hardening.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/pull/568\"\u003e#568\u003c/a\u003e\u003c/strong\u003e — Fix \u003ccode\u003e.node\u003c/code\u003e extension handler key in \u003ccode\u003elib/resolver.js\u003c/code\u003e (the key was \u003ccode\u003e' .node'\u003c/code\u003e with a leading space, so native addon resolution silently fell through to the default path). Thanks to \u003ca href=\"https://github.com/cherr-cc\"\u003e\u003ccode\u003e@​cherr-cc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cp\u003eDrop-in replacement for 3.11.4. No API or configuration changes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.4\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — Bridge \u003ccode\u003eset\u003c/code\u003e trap ignoring ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e, letting \u003ccode\u003eObject.create(hostObj)\u003c/code\u003e children and \u003ccode\u003eReflect.set(hostObj, k, v, custom)\u003c/code\u003e writes leak onto the host object (write-channel → RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — Cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e namespace leak + missing dangerous-symbol guards on the bridge's write traps (\u003ccode\u003eset\u003c/code\u003e / \u003ccode\u003edefineProperty\u003c/code\u003e / \u003ccode\u003edeleteProperty\u003c/code\u003e), enabling sandbox-installed \u003ccode\u003enodejs.util.promisify.custom\u003c/code\u003e / stream brand / webstream hooks on host objects (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — Host prototype mutation via \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection through \u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e setter, severing host intrinsic prototype chains and escaping via \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e violation in \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file): sandbox-installed \u003ccode\u003eArray.prototype[N]\u003c/code\u003e setter / \u003ccode\u003eArray.prototype.join\u003c/code\u003e override could observe bridge-internal stack-trace state.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in \u003ccode\u003elocalPromise\u003c/code\u003e's swallow-tail, hijacking the downstream child constructor to capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability and reach a raw host-realm error → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: any truthy \u003ccode\u003enesting\u003c/code\u003e paired with a non-real-config \u003ccode\u003erequire\u003c/code\u003e produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — WebAssembly JSPI (\u003ccode\u003eWebAssembly.promising\u003c/code\u003e / \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e, Node 24+ behind a flag, Node 26+ default) producing Promise objects with a host-realm \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain and no bridge interposition; species hijack delivers a raw host-realm rejection to sandbox \u003ccode\u003e.catch\u003c/code\u003e → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of allow/deny config) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Supersedes GHSA-947f-4v7f-x2v8.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposing Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, \u003ccode\u003e_tls_*\u003c/code\u003e, \u003ccode\u003e_stream_*\u003c/code\u003e) even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfacing four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state of the entire host process rather than sandbox-local state — HTTP header / async-context / perf-mark / heap-snapshot exfiltration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/blob/main/docs/ATTACKS.md\"\u003e\u003ccode\u003edocs/ATTACKS.md\u003c/code\u003e\u003c/a\u003e extended through Category 35, plus two new Defense Invariants: \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e\u003c/strong\u003e (\u0026quot;No sandbox-visible object has a host-realm prototype chain without bridge interposition\u0026quot;) and \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e\u003c/strong\u003e (\u0026quot;The NodeVM builtin allowlist is a closed system\u0026quot;).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e. Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo other valid configurations are affected.\u003c/strong\u003e Embedders who explicitly listed any of \u003ccode\u003eprocess\u003c/code\u003e / \u003ccode\u003einspector\u003c/code\u003e / \u003ccode\u003eworker_threads\u003c/code\u003e / \u003ccode\u003ecluster\u003c/code\u003e / \u003ccode\u003evm\u003c/code\u003e / \u003ccode\u003erepl\u003c/code\u003e / \u003ccode\u003emodule\u003c/code\u003e / \u003ccode\u003etrace_events\u003c/code\u003e / \u003ccode\u003ewasi\u003c/code\u003e / \u003ccode\u003ediagnostics_channel\u003c/code\u003e / \u003ccode\u003easync_hooks\u003c/code\u003e / \u003ccode\u003eperf_hooks\u003c/code\u003e / \u003ccode\u003ev8\u003c/code\u003e in \u003ccode\u003ebuiltin\u003c/code\u003e were already running an unsandboxed sandbox; those names now throw at load time and can be re-introduced as safe wrappers via \u003ccode\u003emock\u003c/code\u003e / \u003ccode\u003eoverride\u003c/code\u003e / \u003ccode\u003eSPECIAL_MODULES\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/blob/main/CHANGELOG.md\"\u003evm2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.11.5]\u003c/h2\u003e\n\u003cp\u003ePatch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — \u003ccode\u003eutil.inspect\u003c/code\u003e of \u003ccode\u003evm.run(...)\u003c/code\u003e results rendered as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e on Node 26+. Install \u003ccode\u003enodejs.util.inspect.custom\u003c/code\u003e on host-side proxy targets so the inspect output reflects the underlying shape.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Array iteration methods on a \u003ccode\u003evm.freeze()\u003c/code\u003e-d host array threw an \u003ccode\u003e'isExtensible' on proxy\u003c/code\u003e invariant error (regression from the GHSA-grj5-jjm8-h35p species defense). Align the ReadOnly proxy target's extensibility with its trap result and skip species neutralization on the host→sandbox apply path.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.4]\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — bridge escape via \u003ccode\u003eBaseHandler.set\u003c/code\u003e ignoring the ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e argument; \u003ccode\u003eObject.create(hostProxy).x = v\u003c/code\u003e and \u003ccode\u003eReflect.set(hostProxy, k, v, sandboxObj)\u003c/code\u003e wrote through to the host object instead of installing on the receiver, turning every embedder-exposed host object into a sandbox write channel. Receiver-gated install-on-receiver fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e mirroring \u003ccode\u003eReadOnlyHandler.set\u003c/code\u003e. See ATTACKS.md Category 32 and \u003ccode\u003etest/ghsa/GHSA-c4cf-2hgv-2qv6/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — sandbox escape via unblocked cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e keys plus missing dangerous-symbol guards on the bridge's write traps. Two-layer structural fix: \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e denies the entire \u003ccode\u003enodejs.\u003c/code\u003e namespace at \u003ccode\u003eSymbol.for\u003c/code\u003e and aligns the read-side filters with the full 9-symbol cache, and \u003ccode\u003elib/bridge.js\u003c/code\u003e extends \u003ccode\u003eisDangerousCrossRealmSymbol\u003c/code\u003e and applies it to the \u003ccode\u003eset\u003c/code\u003e/\u003ccode\u003edefineProperty\u003c/code\u003e/\u003ccode\u003edeleteProperty\u003c/code\u003e traps. See ATTACKS.md Category 8 / Category 20 (both extended) and \u003ccode\u003etest/ghsa/GHSA-m5q2-4fm3-vfqp/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — host prototype mutation via apply-trap indirection. Sandbox code could reach host prototype-mutating setters (\u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e, \u003ccode\u003esetPrototypeOf\u003c/code\u003e, \u003ccode\u003edefineProperty\u003c/code\u003e, \u003ccode\u003e__defineSetter__\u003c/code\u003e/\u003ccode\u003e__defineGetter__\u003c/code\u003e) through \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection, sever a host intrinsic's prototype chain, and escape via the bridge's \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough. Two-layer structural fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e (apply-trap blocklist + cache check before proto-walk). See ATTACKS.md Category 30 and \u003ccode\u003etest/ghsa/GHSA-v6mx-mf47-r5wg/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e hardening for \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file). The sandbox stack-trace formatter accumulated frames in a sandbox-realm array and \u003ccode\u003e.join\u003c/code\u003e-ed them, so a sandbox-installed setter on \u003ccode\u003eArray.prototype[N]\u003c/code\u003e (or \u003ccode\u003e.join\u003c/code\u003e override) observed bridge-internal state — no host reference reachable today, but one enrichment away from regressing into the GHSA-9qj6 RCE shape. Fixed in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e by folding frames through a primitive string accumulator (no \u003ccode\u003eArray.prototype\u003c/code\u003e slot reachable) and converting \u003ccode\u003emakeCallSiteGetters\u003c/code\u003e to \u003ccode\u003elocalReflectDefineProperty\u003c/code\u003e for symmetry. See ATTACKS.md Category 28 Variant B and \u003ccode\u003etest/ghsa/GHSA-q3fm-4wcw-g57x/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in the \u003ccode\u003elocalPromise\u003c/code\u003e swallow tail. The swallow-tail \u003ccode\u003eapply(globalPromisePrototypeThen, this, [...])\u003c/code\u003e call inside \u003ccode\u003elocalPromise\u003c/code\u003e's constructor invoked the cached host \u003ccode\u003ePromise.prototype.then\u003c/code\u003e without first calling \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e, so a sandbox subclass overriding \u003ccode\u003e[Symbol.species]\u003c/code\u003e could redirect the downstream child constructor to a user function and capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability — delivering a raw host-realm error (RangeError from deep recursion + \u003ccode\u003ee.stack\u003c/code\u003e) to a sandbox collector and reaching the host \u003ccode\u003eFunction\u003c/code\u003e constructor via \u003ccode\u003e.constructor.constructor\u003c/code\u003e. One-line fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e adds the missing \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e before the swallow-tail call, matching the pattern already used by the \u003ccode\u003e.then\u003c/code\u003e/\u003ccode\u003e.catch\u003c/code\u003e/\u003ccode\u003eReflect.apply\u003c/code\u003e overrides. See ATTACKS.md Category 31 and \u003ccode\u003etest/ghsa/GHSA-76w7-j9cq-rx2j/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: a truthy \u003ccode\u003enesting\u003c/code\u003e paired with anything other than a real \u003ccode\u003erequire\u003c/code\u003e config object produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE. Structural fix in \u003ccode\u003elib/nodevm.js\u003c/code\u003e: destructure first, then reject at construction whenever \u003ccode\u003enesting\u003c/code\u003e is truthy and \u003ccode\u003erequireOpts\u003c/code\u003e is not a non-null object or \u003ccode\u003eResolver\u003c/code\u003e. Supersedes GHSA-8hg8-63c5-gwmx. See ATTACKS.md Category 25 and \u003ccode\u003etest/ghsa/GHSA-m4wx-m65x-ghrr/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — sandbox escape via WebAssembly JSPI (Node 24 behind \u003ccode\u003e--experimental-wasm-jspi\u003c/code\u003e, Node 26+ default). \u003ccode\u003eWebAssembly.promising\u003c/code\u003e returns Promise objects whose \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain points directly at the host realm's \u003ccode\u003ePromise.prototype\u003c/code\u003e with no bridge proxy in between, so \u003ccode\u003ep.finally()\u003c/code\u003e reaches host \u003ccode\u003ePromise.prototype.finally\u003c/code\u003e, V8's \u003ccode\u003eSpeciesConstructor\u003c/code\u003e reads an attacker-controlled \u003ccode\u003ep.constructor\u003c/code\u003e getter, and the eventual host-realm rejection is dispatched through the attacker's class with no bridge wrapping — \u003ccode\u003ee.constructor.constructor('return process')()\u003c/code\u003e then evaluates in the host realm. Structural fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e: delete \u003ccode\u003eWebAssembly.promising\u003c/code\u003e and \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e at sandbox bootstrap, mirroring the existing \u003ccode\u003eWebAssembly.JSTag\u003c/code\u003e removal. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e (no sandbox-visible object may have a host-realm prototype chain without bridge interposition). See ATTACKS.md Category 33 and \u003ccode\u003etest/ghsa/GHSA-6j2x-vhqr-qr7q/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e and \u003ccode\u003einspector/promises\u003c/code\u003e. The exact-match denylist in \u003ccode\u003elib/builtin.js\u003c/code\u003e missed two host-passthrough families: \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of the embedder's allow/deny configuration) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Structural fix promotes the check to family-prefix via \u003ccode\u003eisDangerousBuiltin(key)\u003c/code\u003e, strips the \u003ccode\u003enode:\u003c/code\u003e URL prefix, and adds \u003ccode\u003eprocess\u003c/code\u003e to the dangerous set — enforced at both \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e source and \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e. Supersedes GHSA-947f-4v7f-x2v8. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e. See ATTACKS.md Category 21 (extended) and \u003ccode\u003etest/ghsa/GHSA-rp36-8xq3-r6c4/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposed Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, the \u003ccode\u003e_http_*\u003c/code\u003e / \u003ccode\u003e_tls_*\u003c/code\u003e / \u003ccode\u003e_stream_*\u003c/code\u003e siblings), letting sandbox code make outbound HTTP requests and open listening sockets even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6). Structural fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter now excludes any name starting with \u003ccode\u003e_\u003c/code\u003e, so \u003ccode\u003e'*'\u003c/code\u003e expands only to documented public builtins; explicit opt-in, \u003ccode\u003emock\u003c/code\u003e, and \u003ccode\u003eoverride\u003c/code\u003e paths remain functional. See ATTACKS.md Category 34 and \u003ccode\u003etest/ghsa/GHSA-r9pm-gxmw-wv6p/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfaced four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state from the entire host process rather than the sandbox: HTTP \u003ccode\u003eIncomingMessage\u003c/code\u003e headers (incl. auth tokens) via \u003ccode\u003ediagnostics_channel.subscribe\u003c/code\u003e, embedder \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e context via \u003ccode\u003easync_hooks.executionAsyncResource\u003c/code\u003e, embedder \u003ccode\u003eperformance.mark\u003c/code\u003e labels via \u003ccode\u003eperf_hooks\u003c/code\u003e, and the full V8 heap via \u003ccode\u003ev8.getHeapSnapshot\u003c/code\u003e / \u003ccode\u003ev8.queryObjects\u003c/code\u003e. Fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: extends \u003ccode\u003eDANGEROUS_BUILTINS\u003c/code\u003e with the four names, reusing the existing two-layer enforcement (\u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter + \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e rejection, family-prefix and \u003ccode\u003enode:\u003c/code\u003e-normalised via \u003ccode\u003eisDangerousBuiltin\u003c/code\u003e). \u003ccode\u003emock\u003c/code\u003e/\u003ccode\u003eoverride\u003c/code\u003e escape hatches preserved. See ATTACKS.md Category 35 and \u003ccode\u003etest/ghsa/GHSA-9g8x-92q2-p28f/\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUpgrade notes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e entirely, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e (\u003ccode\u003e1\u003c/code\u003e/\u003ccode\u003e'yes'\u003c/code\u003e/\u003ccode\u003e{}\u003c/code\u003e/\u003ccode\u003e[]\u003c/code\u003e/function). Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/7a1f5100b96f48d34e0fe104ab37c0acc5944f92\"\u003e\u003ccode\u003e7a1f510\u003c/code\u003e\u003c/a\u003e Fix .node typo (\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/568\"\u003e#568\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/fac7fb43ad1d9765ed42734410f069b6ee17e34e\"\u003e\u003ccode\u003efac7fb4\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/2da83ed2f4b4e174ed086e8a53d1c5da11609d91\"\u003e\u003ccode\u003e2da83ed\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e): restore array iteration on vm.freeze()'d host arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/51cc4bc2e6e12439b306f0266b6171e3805a2f38\"\u003e\u003ccode\u003e51cc4bc\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e): restore util.inspect output on Node 26+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/27354d56563b0acb54eb9dd92edbc167612b9d4b\"\u003e\u003ccode\u003e27354d5\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/59ccba9a508e96acb486e2c04666b998f95e17e1\"\u003e\u003ccode\u003e59ccba9\u003c/code\u003e\u003c/a\u003e feat: add merge-fix skill for integrating confirmed vulnerability fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7\"\u003e\u003ccode\u003e86ab819\u003c/code\u003e\u003c/a\u003e fix(GHSA-m4wx-m65x-ghrr): widen NESTING_OVERRIDE guard to all input shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb\"\u003e\u003ccode\u003ee1c48fc\u003c/code\u003e\u003c/a\u003e fix(GHSA-9g8x-92q2-p28f): deny process-wide observability builtins in NodeVM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1\"\u003e\u003ccode\u003e436053e\u003c/code\u003e\u003c/a\u003e fix(GHSA-r9pm-gxmw-wv6p): exclude underscored builtins from NodeVM '*' wildca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b\"\u003e\u003ccode\u003ea1ed47a\u003c/code\u003e\u003c/a\u003e fix(GHSA-rp36-8xq3-r6c4): close NodeVM builtin denylist bypass via process/in...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/smileidentity/react-native-v11/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/smileidentity/react-native-v11/pull/208","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smileidentity%2Freact-native-v11/issues/208","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/208/packages"},{"uuid":"4654100452","node_id":"PR_kwDOJdzsWs7mAKN2","number":537,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T03:08:38.000Z","updated_at":"2026-06-13T03:08:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/karpatkey/defi-kit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/karpatkey/defi-kit/pull/537","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/karpatkey%2Fdefi-kit/issues/537","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/537/packages"},{"uuid":"4654060587","node_id":"PR_kwDOGswo787mACa_","number":521,"state":"open","title":"build(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T02:57:10.000Z","updated_at":"2026-06-13T02:59:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PCSX2/pcsx2-net-www/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/PCSX2/pcsx2-net-www/pull/521","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PCSX2%2Fpcsx2-net-www/issues/521","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/521/packages"},{"uuid":"4654005452","node_id":"PR_kwDOAceYB87l_3IZ","number":2048,"state":"closed","title":"Bump joi from 17.13.3 to 17.13.4 in /website","user":"dependabot[bot]","labels":["CLA Signed","Merged","dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-15T17:47:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T02:38:06.000Z","updated_at":"2026-06-15T17:47:59.000Z","time_to_close":227383,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":"/website","ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/facebook/infer/pull/2048","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/facebook%2Finfer/issues/2048","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2048/packages"},{"uuid":"4653426421","node_id":"PR_kwDOONRr-M7l9_s7","number":126,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4 in /website","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T23:58:47.000Z","updated_at":"2026-06-12T23:59:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":"/website","ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dustin4444/redux/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/Dustin4444/redux/126)\n\u003c!-- Reviewable:end --\u003e\n","html_url":"https://github.com/Dustin4444/redux/pull/126","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dustin4444%2Fredux/issues/126","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/126/packages"},{"uuid":"4653370917","node_id":"PR_kwDOP9wlJs7l90cC","number":279,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T23:43:23.000Z","updated_at":"2026-06-12T23:44:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":8,"packages":[{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"ip-address","old_version":"10.1.0","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"ws","old_version":"8.18.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"next-intl","old_version":"4.9.1","new_version":"4.9.2","repository_url":"https://github.com/amannn/next-intl"},{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /examples/basic-nextjs directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 3 updates in the /examples/basic-nextjs-pages-router directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 4 updates in the /examples/basic-spa/angular directory: [postcss](https://github.com/postcss/postcss), [ip-address](https://github.com/beaugunderson/ip-address), [joi](https://github.com/hapijs/joi) and [ws](https://github.com/websockets/ws).\nBumps the npm_and_yarn group with 3 updates in the /examples/kit-nextjs-article-starter directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 4 updates in the /examples/kit-nextjs-location-finder directory: [next-intl](https://github.com/amannn/next-intl), [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 3 updates in the /examples/kit-nextjs-product-listing directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 3 updates in the /examples/kit-nextjs-skate-park directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\n{\n  using x = new Resource()\n  x.activate()\n}\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nnew (foo()`bar`)()\nnew (foo()?.bar)()\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\n{\n  using x = new Resource()\n  x.activate()\n}\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nnew (foo()`bar`)()\nnew (foo()?.bar)()\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.1.0...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.3 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.3...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\n{\n  using x = new Resource()\n  x.activate()\n}\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nnew (foo()`bar`)()\nnew (foo()?.bar)()\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-intl` from 4.9.1 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/releases\"\u003enext-intl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.9.2\u003c/h2\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/blob/main/CHANGELOG.md\"\u003enext-intl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/e1b18258075017216165735212568c8f795e1660\"\u003e\u003ccode\u003ee1b1825\u003c/code\u003e\u003c/a\u003e v4.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003e\u003ccode\u003ec0bf0ee\u003c/code\u003e\u003c/a\u003e fix: Prototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/amannn/next-intl/compare/v4.9.1...v4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6...\n\n_Description has been truncated_","html_url":"https://github.com/sc-sobiyasivakumar/xmcloud-starter-js/pull/279","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sc-sobiyasivakumar%2Fxmcloud-starter-js/issues/279","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/279/packages"},{"uuid":"4653336846","node_id":"PR_kwDOFCuVhs7l9tr4","number":6,"state":"closed","title":"Bump joi from 17.8.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T23:48:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T23:35:28.000Z","updated_at":"2026-06-12T23:48:26.000Z","time_to_close":771,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"joi","old_version":"17.8.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.8.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3cb73d6cded39fa49a46069b64d638a0ba0f7d14\"\u003e\u003ccode\u003e3cb73d6\u003c/code\u003e\u003c/a\u003e 17.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/1653c478486227728942ebd8544bb068448cb814\"\u003e\u003ccode\u003e1653c47\u003c/code\u003e\u003c/a\u003e fix: correct function type in alternatives error (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/7373136d149be0cc727096325f22f748d22aef46\"\u003e\u003ccode\u003e7373136\u003c/code\u003e\u003c/a\u003e 17.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/add65979a3d2f93a08e60824ed1a02e56536fa69\"\u003e\u003ccode\u003eadd6597\u003c/code\u003e\u003c/a\u003e \u003ccode\u003estrictUnknown\u003c/code\u003e should honor local explicit \u003ccode\u003e.unknown(false)\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/0066a4ef16706b722b81818a8608aea1129f4cc7\"\u003e\u003ccode\u003e0066a4e\u003c/code\u003e\u003c/a\u003e 17.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2d260302e75ed50e1f2658887dcd11fcc5b5e05c\"\u003e\u003ccode\u003e2d26030\u003c/code\u003e\u003c/a\u003e fix: label false should also hide explicit labels (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f02df4c011253d3573be19261a45c6765157d054\"\u003e\u003ccode\u003ef02df4c\u003c/code\u003e\u003c/a\u003e 17.13.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.8.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/ublabs/netlify-cms-oauth/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ublabs%2Fnetlify-cms-oauth/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4653139738","node_id":"PR_kwDOPrcsTM7l9D4t","number":16,"state":"closed","title":"Bump the npm_and_yarn group across 8 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-13T05:51:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T22:50:46.000Z","updated_at":"2026-06-13T05:51:58.000Z","time_to_close":25271,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"svelte","old_version":"4.2.19","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"joi","old_version":"17.6.0","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"vite","old_version":"4.5.14","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"vitest","old_version":"0.29.8","new_version":"3.2.6","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@grpc/grpc-js","old_version":"1.13.4","new_version":"1.14.4","repository_url":"https://github.com/grpc/grpc-node"},{"name":"dompurify","old_version":"3.2.6","new_version":"3.4.10","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"js-cookie","old_version":"3.0.5","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.4","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.7` |\n| [joi](https://github.com/hapijs/joi) | `17.6.0` | `17.13.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.14` | `6.4.2` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `0.29.8` | `3.2.6` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.6` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.7` |\n| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.13.4` | `1.14.4` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.4.10` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.8` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.4` |\n| [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.3` | `1.8.4` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/nextjs-api-sales directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 2 updates in the /packages/backend-core directory: [joi](https://github.com/hapijs/joi) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/builder directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 1 update in the /packages/client directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 4 updates in the /packages/server directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte), [joi](https://github.com/hapijs/joi), [uuid](https://github.com/uuidjs/uuid) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 1 update in the /packages/upgrade-tests directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/worker directory: [joi](https://github.com/hapijs/joi) and [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `svelte` from 4.2.19 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 17.6.0 to 17.13.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3cb73d6cded39fa49a46069b64d638a0ba0f7d14\"\u003e\u003ccode\u003e3cb73d6\u003c/code\u003e\u003c/a\u003e 17.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/1653c478486227728942ebd8544bb068448cb814\"\u003e\u003ccode\u003e1653c47\u003c/code\u003e\u003c/a\u003e fix: correct function type in alternatives error (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/7373136d149be0cc727096325f22f748d22aef46\"\u003e\u003ccode\u003e7373136\u003c/code\u003e\u003c/a\u003e 17.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/add65979a3d2f93a08e60824ed1a02e56536fa69\"\u003e\u003ccode\u003eadd6597\u003c/code\u003e\u003c/a\u003e \u003ccode\u003estrictUnknown\u003c/code\u003e should honor local explicit \u003ccode\u003e.unknown(false)\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/0066a4ef16706b722b81818a8608aea1129f4cc7\"\u003e\u003ccode\u003e0066a4e\u003c/code\u003e\u003c/a\u003e 17.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2d260302e75ed50e1f2658887dcd11fcc5b5e05c\"\u003e\u003ccode\u003e2d26030\u003c/code\u003e\u003c/a\u003e fix: label false should also hide explicit labels (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f02df4c011253d3573be19261a45c6765157d054\"\u003e\u003ccode\u003ef02df4c\u003c/code\u003e\u003c/a\u003e 17.13.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.6.0...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~marsup\"\u003emarsup\u003c/a\u003e, a new releaser for joi since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 4.5.14 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 0.29.8 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePin last supported vite-node version  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d05\"\u003e\u003c!-- raw HTML omitted --\u003e(16f12)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.5...v3.2.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10445\"\u003evitest-dev/vitest#10445\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d\"\u003e\u003c!-- raw HTML omitted --\u003e(af88b)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10456\"\u003evitest-dev/vitest#10456\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd\"\u003e\u003c!-- raw HTML omitted --\u003e(385a1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.4...v3.2.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse correct path for optimisation of strip-literal  -  by \u003ca href=\"https://github.com/mrginglymus\"\u003e\u003ccode\u003e@​mrginglymus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8139\"\u003evitest-dev/vitest#8139\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/44940d9dd\"\u003e\u003c!-- raw HTML omitted --\u003e(44940)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrint uint and buffer as a simple string  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8141\"\u003evitest-dev/vitest#8141\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b86bf0d99\"\u003e\u003c!-- raw HTML omitted --\u003e(b86bf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eShow a helpful error when spying on an export  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8178\"\u003evitest-dev/vitest#8178\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5600772c2\"\u003e\u003c!-- raw HTML omitted --\u003e(56007)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003evitest run --watch\u003c/code\u003e should be watch-mode  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8128\"\u003evitest-dev/vitest#8128\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/657e83f9f\"\u003e\u003c!-- raw HTML omitted --\u003e(657e8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse absolute path environment on Windows  -  by \u003ca href=\"https://github.com/colinaaa\"\u003e\u003ccode\u003e@​colinaaa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8105\"\u003evitest-dev/vitest#8105\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/85dc0195f\"\u003e\u003c!-- raw HTML omitted --\u003e(85dc0)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThrow error when \u003ccode\u003e--shard x/\u0026lt;count\u0026gt;\u003c/code\u003e exceeds count of test files  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8112\"\u003evitest-dev/vitest#8112\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/8a18c8e20\"\u003e\u003c!-- raw HTML omitted --\u003e(8a18c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eIgnore SCSS in browser mode  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8161\"\u003evitest-dev/vitest#8161\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/0c3be6f63\"\u003e\u003c!-- raw HTML omitted --\u003e(0c3be)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eUpdate all non-major dependencies  -  in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8123\"\u003evitest-dev/vitest#8123\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/93f3200e4\"\u003e\u003c!-- raw HTML omitted --\u003e(93f32)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eexpect\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eHandle async errors in expect.soft  -  by \u003ca href=\"https://github.com/lzl0304\"\u003e\u003ccode\u003e@​lzl0304\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8145\"\u003evitest-dev/vitest#8145\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/686996912\"\u003e\u003c!-- raw HTML omitted --\u003e(68699)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epool\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAuto-adjust \u003ccode\u003eminWorkers\u003c/code\u003e when only \u003ccode\u003emaxWorkers\u003c/code\u003e specified  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8110\"\u003evitest-dev/vitest#8110\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/14dc0724f\"\u003e\u003c!-- raw HTML omitted --\u003e(14dc0)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereporter\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003etask.meta\u003c/code\u003e should be available in custom reporter's errors  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8115\"\u003evitest-dev/vitest#8115\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/27df68a0e\"\u003e\u003c!-- raw HTML omitted --\u003e(27df6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erunner\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003ePreserve handler wrapping on extend  -  by \u003ca href=\"https://github.com/pengooseDev\"\u003e\u003ccode\u003e@​pengooseDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8153\"\u003evitest-dev/vitest#8153\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a92812b70\"\u003e\u003c!-- raw HTML omitted --\u003e(a9281)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eui\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eEnsure ui config option works correctly  -  by \u003ca href=\"https://github.com/lzl0304\"\u003e\u003ccode\u003e@​lzl0304\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8147\"\u003evitest-dev/vitest#8147\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/42eeb2ee6\"\u003e\u003c!-- raw HTML omitted --\u003e(42eeb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.3...v3.2.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Use base url instead of \u003cstrong\u003evitest\u003c/strong\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8126\"\u003evitest-dev/vitest#8126\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1d8ebf9ae\"\u003e\u003c!-- raw HTML omitted --\u003e(1d8eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/b6d56f8171ae814ee7571df63a35a0da5203dbaa\"\u003e\u003ccode\u003eb6d56f8\u003c/code\u003e\u003c/a\u003e chore: release v3.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d0585677f6a32bcb3dd01fa61c140e2588\"\u003e\u003ccode\u003e16f120d\u003c/code\u003e\u003c/a\u003e fix: pin last supported vite-node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/2cbad0a923c48c6144266df3cd25f93547cb5221\"\u003e\u003ccode\u003e2cbad0a\u003c/code\u003e\u003c/a\u003e chore: release v3.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd4c2bfa5e7d58bf7c6834c929969f2c7\"\u003e\u003ccode\u003e385a1ae\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d82844a4761ea9a977156c98e2b14ca8\"\u003e\u003ccode\u003eaf88b1f\u003c/code\u003e\u003c/a\u003e feat(api): add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/c666d149a4516761bae92ca56ce1336d2fd352c3\"\u003e\u003ccode\u003ec666d14\u003c/code\u003e\u003c/a\u003e chore: release v3.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/8a18c8e20a19f2c8d9f402e426886999f378c389\"\u003e\u003ccode\u003e8a18c8e\u003c/code\u003e\u003c/a\u003e fix(cli): throw error when \u003ccode\u003e--shard x/\\\u0026lt;count\u0026gt;\u003c/code\u003e exceeds count of test files (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/8abd7cc6fff5fa47d899b5f5383f526d2fdef784\"\u003e\u003ccode\u003e8abd7cc\u003c/code\u003e\u003c/a\u003e chore(deps): update \u003ccode\u003etinypool\u003c/code\u003e (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8174\"\u003e#8174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/93f3200e452874ed4e2d018718bbbde7ebd28590\"\u003e\u003ccode\u003e93f3200\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8123\"\u003e#8123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/0c3be6f637d65ef47f2fcf2ccd637f1ecc9d1786\"\u003e\u003ccode\u003e0c3be6f\u003c/code\u003e\u003c/a\u003e fix(coverage): ignore SCSS in browser mode (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8161\"\u003e#8161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.3 to 0.2.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@grpc/grpc-js` from 1.13.4 to 1.14.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-node/releases\"\u003e@​grpc/grpc-js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a bug that could cause servers to crash when handling malformed requests (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2\"\u003eadvisory GHSA-5375-pq7m-f5r2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug that could cause clients and servers to crash when handling malformed compressed messages (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq\"\u003eadvisory GHSA-99f4-grh7-6pcq\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSend halfClose immediately after messages to prevent late halfClose issues with Envoy (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3031\"\u003e#3031\u003c/a\u003e contributed by \u003ca href=\"https://github.com/serkanerip\"\u003e\u003ccode\u003e@​serkanerip\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix server keep alive timeout not properly destroying connections (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3022\"\u003e#3022\u003c/a\u003e contributed by \u003ca href=\"https://github.com/mattias-wiberg\"\u003e\u003ccode\u003e@​mattias-wiberg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression of the settings used internally for HTTP/2 sessions (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3023\"\u003e#3023\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js-xds\u003c/code\u003e 1.14.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement RBAC support (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2939\"\u003e#2939\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2945\"\u003e#2945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eweighted_round_robin\u003c/code\u003e to LB policy registry (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3001\"\u003e#3001\u003c/a\u003e) (currently experimental, enabled by the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_WRR_LB\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ewrr_locality\u003c/code\u003e to LB policy registry (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3003\"\u003e#3003\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003egetAuthContext\u003c/code\u003e method to client and server call classes (more details can be found in \u003ca href=\"https://github.com/grpc/proposal/blob/master/L35-node-getAuthContext.md\"\u003egRFC L35\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement custom backend metrics support (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A51-custom-backend-metrics.md\"\u003egRFC A51\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2978\"\u003e#2978\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2983\"\u003e#2983\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2985\"\u003e#2985\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2986\"\u003e#2986\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2999\"\u003e#2999\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003egetConnectionInfo\u003c/code\u003e method to the \u003ccode\u003eServerInterceptingCall\u003c/code\u003e class (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2922\"\u003e#2922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement the \u003ccode\u003eweighted_round_robin\u003c/code\u003e load balancing policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2998\"\u003e#2998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix jitter behavior for client retries (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2960\"\u003e#2960\u003c/a\u003e contributed by \u003ca href=\"https://github.com/ekscentrysytet\"\u003e\u003ccode\u003e@​ekscentrysytet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStart connecting from a random index in the \u003ccode\u003eround_robin\u003c/code\u003e LB policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2979\"\u003e#2979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSend connection-level WINDOW_UPDATE at session start (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2971\"\u003e#2971\u003c/a\u003e contributed by \u003ca href=\"https://github.com/KoenRijpstra\"\u003e\u003ccode\u003e@​KoenRijpstra\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eExperimental API Changes\u003c/h2\u003e\n\u003cp\u003eAdded:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCHANNEL_ARGS_CONFIG_SELECTOR_KEY\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eStatusOr\u0026lt;T\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCallStream\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estatusOrFromValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estatusOrFromError\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModified:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResolverListener#onSuccessfulResolution\u003c/code\u003e now has the signature \u003ccode\u003e(endpointList: StatusOr\u0026lt;Endpoint[]\u0026gt;, attributes: { [key: string]: unknown }, serviceConfig: StatusOr\u0026lt;ServiceConfig\u0026gt; | null, resolutionNote: string): boolean\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eLoadBalancer#updateAddressList\u003c/code\u003e now has the signature `updateAddressList(endpointList: StatusOr\u0026lt;Endpoint[]\u0026gt;,lbConfig: TypedLoadBalancingConfig, channelOptions: ChannelOptions, resolutionNote: string): boolean\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.13.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a bug that could cause servers to crash when handling malformed requests (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2\"\u003eadvisory GHSA-5375-pq7m-f5r2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug that could cause clients and servers to crash when handling malformed compressed messages (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq\"\u003eadvisory GHSA-99f4-grh7-6pcq\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/a380735ba9b0351214f2faa578350a559dd486ff\"\u003e\u003ccode\u003ea380735\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3052\"\u003e#3052\u003c/a\u003e from murgatroid99/grpc-js_1.14.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/5b8d37b03d91122ec0b9bc5e27dd26ffa7448337\"\u003e\u003ccode\u003e5b8d37b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/6a97456cc88d2b74e1527b356de98bf8ee8d7a40\"\u003e\u003ccode\u003e6a97456\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/e5e0b1d3ff14fa7c5eeef10b309d694bc3ff7e96\"\u003e\u003ccode\u003ee5e0b1d\u003c/code\u003e\u003c/a\u003e grpc-js: Bump version to 1.14.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/5029a2668164d1ba6de6ed4dcf6d35d5c4ff6cf4\"\u003e\u003ccode\u003e5029a26\u003c/code\u003e\u003c/a\u003e Make compression error a static string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a163\"\u003e\u003ccode\u003e2fe55fd\u003c/code\u003e\u003c/a\u003e Fix crashes when receiving malformed compressed data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad5985668\"\u003e\u003ccode\u003e234f917\u003c/code\u003e\u003c/a\u003e Fix server crash when handling invalid requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/acef8d4adfa091188e9dd572cedf4d87b0f69b21\"\u003e\u003ccode\u003eacef8d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3043\"\u003e#3043\u003c/a\u003e from murgatroid99/rbac_types_change_fix_1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/4f3c58fda2136eb0038a39d54804acb06a8419ea\"\u003e\u003ccode\u003e4f3c58f\u003c/code\u003e\u003c/a\u003e grpc-js-xds: Update RBAC code to handle Node type change, pin \u003ccode\u003e@​types/node\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/ccd29b27d28ce8937f8250f72e5e6027ed5af09a\"\u003e\u003ccode\u003eccd29b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3032\"\u003e#3032\u003c/a\u003e from murgatroid99/grpc-js_retry_half_close_1.14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.13.4...@grpc/grpc-js@1.14.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.2.6 to 3.4.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactored codebase for clarity: extracted the public type declarations into \u003ccode\u003etypes.ts\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDecomposed the three largest sanitizer functions into focused helpers\u003c/li\u003e\n\u003cli\u003eRemoved duplicated defaults and dead branches, consolidated \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrubbing into single shared path\u003c/li\u003e\n\u003cli\u003eImproved per-node performance by hoisting the mXSS probe regexes and testing \u003ccode\u003etextContent\u003c/code\u003e before \u003ccode\u003einnerHTML\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded a deterministic micro-benchmark harness (\u003ccode\u003enpm run bench\u003c/code\u003e) with a \u003ccode\u003e--compare\u003c/code\u003e mode\u003c/li\u003e\n\u003cli\u003eReduced CI cost by running the full three-engine browser suite once per PR\u003c/li\u003e\n\u003cli\u003eRefreshed the \u003ccode\u003edemos/\u003c/code\u003e folder so every demo runs again, and added a SVG-via-\u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e demo\u003c/li\u003e\n\u003cli\u003eDocumented the bench and \u003ccode\u003etest:happydom\u003c/code\u003e scripts in the README\u003c/li\u003e\n\u003cli\u003eCompleted the Attack Classes \u0026amp; Bypass History wiki page\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFurther improved the handling of Trusted Types config options, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFurther improved the handling of \u003ccode\u003eIN_PLACE\u003c/code\u003e sanitization, thanks \u003ca href=\"https://github.com/mozfreddyb\"\u003e\u003ccode\u003e@​mozfreddyb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded more test coverage for \u003ccode\u003eIN_PLACE\u003c/code\u003e and Trusted Types related usage\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eUpdated README and wiki with more accurate documentation \u0026amp; attack samples\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleaned up the repository root, renamed some and removed unneeded files\u003c/li\u003e\n\u003cli\u003eFixed an issue with handling of Trusted Types policies, thanks \u003ca href=\"https://github.com/fulstadev\"\u003e\u003ccode\u003e@​fulstadev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the node iterator for better template scrubbing, thanks \u003ca href=\"https://github.com/IamLeandrooooo\"\u003e\u003ccode\u003e@​IamLeandrooooo\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncluded formerly missing LICENSE-MPL in published npm package, thanks \u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHardened the handling of Shadow Roots when using \u003ccode\u003eIN_PLACE\u003c/code\u003e, thanks \u003ca href=\"https://github.com/GameZoneHacker\"\u003e\u003ccode\u003e@​GameZoneHacker\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved a problem leading to permanent hook pollution, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactored the test suite and expanded test coverage significantly\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed several issues with DOM Clobbering in \u003ccode\u003eIN_PLACE\u003c/code\u003e mode, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHardened the checks for cross-realm \u003ccode\u003eIN_PLACE\u003c/code\u003e and Shadow DOM sanitization, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded more test coverage for \u003ccode\u003eIN_PLACE\u003c/code\u003e and general DOM Clobbering attacks\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bypass caused by the new HTML element \u003ccode\u003eselectedcontent\u003c/code\u003e added in 3.4.4, thanks \u003ca href=\"https://github.com/KabirAcharya\"\u003e\u003ccode\u003e@​KabirAcharya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eselectedcontent\u003c/code\u003e element to default allow-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecommand\u003c/code\u003e and \u003ccode\u003ecommandfor\u003c/code\u003e attributes to default allowed-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better template scrubbing for \u003ccode\u003eIN_PLACE\u003c/code\u003e operations, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded stronger checks for cross-realm windows, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated demo website and made sure it uses the latest from main\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, dependabot, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6ee5716f8336989753611beeca364957c0eb0c3e\"\u003e\u003ccode\u003e6ee5716\u003c/code\u003e\u003c/a\u003e release: 3.4.10 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/52102472d46035857c52df19e44285f8a1e102fc\"\u003e\u003ccode\u003e5210247\u003c/code\u003e\u003c/a\u003e release: 3.4.9 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1459\"\u003e#1459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/bcdd8285412dc9c4c149652aed2d712e790d6ccf\"\u003e\u003ccode\u003ebcdd828\u003c/code\u003e\u003c/a\u003e release: 3.4.8 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1439\"\u003e#1439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/ca30f070c360df162a3e3848e80e6fd3c9e74bff\"\u003e\u003ccode\u003eca30f07\u003c/code\u003e\u003c/a\u003e release: 3.4.7 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1414\"\u003e#1414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/bb7739e5bccec7e1ab3dae3f3e42d02db3acaaae\"\u003e\u003ccode\u003ebb7739e\u003c/code\u003e\u003c/a\u003e release: 3.4.6 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1394\"\u003e#1394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea\"\u003e\u003ccode\u003e011b0c7\u003c/code\u003e\u003c/a\u003e release: 3.4.5 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1382\"\u003e#1382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5817ad96...\n\n_Description has been truncated_","html_url":"https://github.com/dporkka/budibase/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dporkka%2Fbudibase/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4653122000","node_id":"PR_kwDOSrKJB87l9AIO","number":12,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T22:47:06.000Z","updated_at":"2026-06-12T22:48:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [esbuild](https://github.com/evanw/esbuild), [joi](https://github.com/hapijs/joi) and [shell-quote](https://github.com/ljharb/shell-quote).\nBumps the npm_and_yarn group with 1 update in the /ui-tui/packages/hermes-ink directory: [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 1 update in the /website directory: [shell-quote](https://github.com/ljharb/shell-quote).\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/reevesc88/hermes-agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/reevesc88/hermes-agent/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/reevesc88%2Fhermes-agent/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4653115558","node_id":"PR_kwDOR7GF9s7l8-vh","number":12,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T22:45:48.000Z","updated_at":"2026-06-12T22:47:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"ws","old_version":"8.20.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"protobufjs","old_version":"7.5.6","new_version":"7.6.4","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"undici","old_version":"7.23.0","new_version":"7.27.2","repository_url":"https://github.com/nodejs/undici"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [esbuild](https://github.com/evanw/esbuild), [joi](https://github.com/hapijs/joi) and [shell-quote](https://github.com/ljharb/shell-quote).\nBumps the npm_and_yarn group with 3 updates in the /scripts/whatsapp-bridge directory: [ws](https://github.com/websockets/ws), [protobufjs](https://github.com/protobufjs/protobuf.js) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 1 update in the /ui-tui/packages/hermes-ink directory: [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 3 updates in the /website directory: [undici](https://github.com/nodejs/undici), [shell-quote](https://github.com/ljharb/shell-quote) and [qs](https://github.com/ljharb/qs).\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.20.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/websockets/ws/compare/8.20.0...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.6 to 7.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.4/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f8f64efbfc5b52997beb7549e7ea722704320cb1\"\u003e\u003ccode\u003ef8f64ef\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2330\"\u003e#2330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e\u003ccode\u003e574f761\u003c/code\u003e\u003c/a\u003e fix: Reconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e\u003ccode\u003e06ddd07\u003c/code\u003e\u003c/a\u003e fix: Remove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1d3796d7d29830c73eec792ccbe769be6aa020ac\"\u003e\u003ccode\u003e1d3796d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2317\"\u003e#2317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003e\u003ccode\u003edf91652\u003c/code\u003e\u003c/a\u003e fix: Preserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e\u003ccode\u003e78a9576\u003c/code\u003e\u003c/a\u003e fix: Avoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ec90ef9ccc30fffe6ea9ea37e45781071898229d\"\u003e\u003ccode\u003eec90ef9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2295\"\u003e#2295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003e\u003ccode\u003ea92f72e\u003c/code\u003e\u003c/a\u003e fix: Backport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d\"\u003e\u003ccode\u003ef0b50d2\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2268\"\u003e#2268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e\u003ccode\u003e8a45c13\u003c/code\u003e\u003c/a\u003e fix: Backport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.23.0 to 7.27.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.27.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: use legacy global dispatcher in v7 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5368\"\u003enodejs/undici#5368\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.27.1...v7.27.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.27.1...v7.27.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve raw headers in dispatch handler bridge by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5345\"\u003enodejs/undici#5345\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.27.0...v7.27.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.27.0...v7.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[7.x] fix: support Node 26 and legacy global dispatcher by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5319\"\u003enodejs/undici#5319\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.26.0...v7.27.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.26.0...v7.27.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.26.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport safe main fixes to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5136\"\u003enodejs/undici#5136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: validate EOF for chunked h1 responses by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5307\"\u003enodejs/undici#5307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.25.0...v7.26.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.25.0...v7.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/b0ba52d84906ffb291acda421008e7a350a62eb9\"\u003e\u003ccode\u003eb0ba52d\u003c/code\u003e\u003c/a\u003e Bumped v7.27.2 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5369\"\u003e#5369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c03ed25024a3f4bbeaebc2bf9f4862a713138d06\"\u003e\u003ccode\u003ec03ed25\u003c/code\u003e\u003c/a\u003e fix: use legacy global dispatcher in v7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5368\"\u003e#5368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/452787779c618fd51557057278d1a70c89ae869c\"\u003e\u003ccode\u003e4527877\u003c/code\u003e\u003c/a\u003e Bumped v7.27.1 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5354\"\u003e#5354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3e17d9255a10cadb1acfde03c13fe869bb15a206\"\u003e\u003ccode\u003e3e17d92\u003c/code\u003e\u003c/a\u003e fix: preserve raw headers in dispatch handler bridge (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5345\"\u003e#5345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7aeee342b32a20efa31e99b09bdbf192e4dec53\"\u003e\u003ccode\u003ed7aeee3\u003c/code\u003e\u003c/a\u003e Bumped v7.27.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5340\"\u003e#5340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2054b13b5b424579f3e0293bcf99a07ca71e48e9\"\u003e\u003ccode\u003e2054b13\u003c/code\u003e\u003c/a\u003e [7.x] fix: support Node 26 and legacy global dispatcher (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5319\"\u003e#5319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/acf800822a688927874cef3487c298cc2f71afa5\"\u003e\u003ccode\u003eacf8008\u003c/code\u003e\u003c/a\u003e Bumped v7.26.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5322\"\u003e#5322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2b3cd223c0abbe7271c764db8aee38772cca0d95\"\u003e\u003ccode\u003e2b3cd22\u003c/code\u003e\u003c/a\u003e fix: validate EOF for chunked h1 responses (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5273\"\u003e#5273\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5307\"\u003e#5307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/301f347a817b577cc7b51684f634e9fedb4f3df7\"\u003e\u003ccode\u003e301f347\u003c/code\u003e\u003c/a\u003e test: avoid Promise.withResolvers in tls session reuse test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0f6c7921603487d95a62c61c7bde36ea1650949f\"\u003e\u003ccode\u003e0f6c792\u003c/code\u003e\u003c/a\u003e fix: preserve allowH2 when wrapping custom connect\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.23.0...v7.27.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sanjeed5/hermes-agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sanjeed5/hermes-agent/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanjeed5%2Fhermes-agent/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4652582325","node_id":"PR_kwDOSxNQgM7l7Qj9","number":1,"state":"closed","title":"Bump the npm_and_yarn group across 9 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T21:25:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T21:01:13.000Z","updated_at":"2026-06-12T21:25:38.000Z","time_to_close":1463,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"follow-redirects","old_version":"1.15.2","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"socket.io-parser","old_version":"4.2.1","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"joi","old_version":"17.7.0","new_version":"17.13.3","repository_url":"https://github.com/hapijs/joi"},{"name":"flatted","old_version":"3.2.7","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the /chrome-extension/extension directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /solana-clawd-x402/worker directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [hono](https://github.com/honojs/hono).\nBumps the npm_and_yarn group with 2 updates in the /solana-clawd/automaton-main directory: [esbuild](https://github.com/evanw/esbuild) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 3 updates in the /solana-clawd/automaton-main/automation directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 1 update in the /solana-clawd/payments/pdb directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 4 updates in the /solana-clawd/perps/twamm-master directory: [picomatch](https://github.com/micromatch/picomatch), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [joi](https://github.com/hapijs/joi).\nBumps the npm_and_yarn group with 6 updates in the /solana-clawd/programs/mpl-token-metadata-main/programs/token-metadata/js directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.1` | `4.2.6` |\n| [joi](https://github.com/hapijs/joi) | `17.7.0` | `17.13.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n\nBumps the npm_and_yarn group with 4 updates in the /ui directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest), [dompurify](https://github.com/cure53/DOMPurify) and [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser).\nBumps the npm_and_yarn group with 2 updates in the /workers/agent-wallet directory: [hono](https://github.com/honojs/hono) and [ws](https://github.com/websockets/ws).\n\nUpdates `vite` from 8.0.2 to 8.0.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.16\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.16/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.15\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.15/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.14\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.13\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.9\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.8\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ecreate-vite@8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.15...v8.0.16\"\u003e8.0.16\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e reject UNC paths for launch-editor-middleware (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22571\"\u003e#22571\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e50b9512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereject windows alternate paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22572\"\u003e#22572\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003edc245c7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.14...v8.0.15\"\u003e8.0.15\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esend 408 on request timeout (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22476\"\u003e#22476\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797\"\u003ec85c9ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate rolldown to 1.0.3 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22538\"\u003e#22538\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e646dbed\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecapitalize error messages and remove spurious space in parse error (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22488\"\u003e#22488\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e85a0eff\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22511\"\u003e#22511\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e2686d7d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e fix html-proxy cache key mismatch for /@fs/ HTML paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21762\"\u003e#21762\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e\"\u003e47c4213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e error on relative glob in virtual module when no files match (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22497\"\u003e#22497\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c\"\u003e5c8e98f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e close the rolldown bundle when write() rejects (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22528\"\u003e#22528\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003ee3cfb9d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eresolve:\u003c/strong\u003e provide onWarn for viteResolvePlugin in JS plugin containers (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22509\"\u003e#22509\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83\"\u003e40985f1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22566\"\u003e#22566\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e3052a67\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrect logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22562\"\u003e#22562\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e6978a9c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14\"\u003e8.0.14\u003c/a\u003e (2026-05-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate rolldown to 1.0.2 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22484\"\u003e#22484\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0\"\u003e96efc88\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22471\"\u003e#22471\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3\"\u003e98b8163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e handle errors when sending messages to vite server (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22450\"\u003e#22450\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217\"\u003ee8e9a34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehtml:\u003c/strong\u003e handle trailing slash paths in transformIndexHtml (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22480\"\u003e#22480\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693\"\u003e5d94d1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e pass oxc jsx options to transformSync in dependency scan                                                            (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22342\"\u003e#22342\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262\"\u003eb3132da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22470\"\u003e#22470\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f\"\u003e7cb728e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove irrelevant commits from changelog (\u003ca href=\"https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086\"\u003e2c69495\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e do not rewrite import path for absolute base (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22310\"\u003e#22310\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302\"\u003e0ae2844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f94df87ff03b40b65e29bacdc04cc18c7bccaa4a\"\u003e\u003ccode\u003ef94df87\u003c/code\u003e\u003c/a\u003e release: v8.0.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003e\u003ccode\u003edc245c7\u003c/code\u003e\u003c/a\u003e fix: reject windows alternate paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572\"\u003e#22572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e\u003ccode\u003e50b9512\u003c/code\u003e\u003c/a\u003e fix(deps): reject UNC paths for launch-editor-middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571\"\u003e#22571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8d1b0195fd186d0b3297d7cd17acff6c96797420\"\u003e\u003ccode\u003e8d1b019\u003c/code\u003e\u003c/a\u003e release: v8.0.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e\u003ccode\u003e2686d7d\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22511\"\u003e#22511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e\u003ccode\u003e3052a67\u003c/code\u003e\u003c/a\u003e chore(deps): update rolldown-related dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22566\"\u003e#22566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003e\u003ccode\u003ee3cfb9d\u003c/code\u003e\u003c/a\u003e fix(optimizer): close the rolldown bundle when write() rejects (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22528\"\u003e#22528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e\u003ccode\u003e6978a9c\u003c/code\u003e\u003c/a\u003e refactor: correct logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22562\"\u003e#22562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e\u003ccode\u003e646dbed\u003c/code\u003e\u003c/a\u003e feat: update rolldown to 1.0.3 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22538\"\u003e#22538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e\u003ccode\u003e85a0eff\u003c/code\u003e\u003c/a\u003e fix: capitalize error messages and remove spurious space in parse error (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22488\"\u003e#22488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v8.0.16/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.21 to 8.0.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.16\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.16/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.15\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.15/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.14\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.13\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.9\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.8\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ecreate-vite@8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.15...v8.0.16\"\u003e8.0.16\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e reject UNC paths for launch-editor-middleware (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22571\"\u003e#22571\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e50b9512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereject windows alternate paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22572\"\u003e#22572\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003edc245c7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.14...v8.0.15\"\u003e8.0.15\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esend 408 on request timeout (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22476\"\u003e#22476\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797\"\u003ec85c9ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate rolldown to 1.0.3 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22538\"\u003e#22538\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e646dbed\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecapitalize error messages and remove spurious space in parse error (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22488\"\u003e#22488\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e85a0eff\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22511\"\u003e#22511\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e2686d7d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e fix html-proxy cache key mismatch for /@fs/ HTML paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21762\"\u003e#21762\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e\"\u003e47c4213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e error on relative glob in virtual module when no files match (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22497\"\u003e#22497\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c\"\u003e5c8e98f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e close the rolldown bundle when write() rejects (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22528\"\u003e#22528\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003ee3cfb9d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eresolve:\u003c/strong\u003e provide onWarn for viteResolvePlugin in JS plugin containers (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22509\"\u003e#22509\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83\"\u003e40985f1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22566\"\u003e#22566\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e3052a67\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrect logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22562\"\u003e#22562\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e6978a9c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14\"\u003e8.0.14\u003c/a\u003e (2026-05-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate rolldown to 1.0.2 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22484\"\u003e#22484\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0\"\u003e96efc88\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22471\"\u003e#22471\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3\"\u003e98b8163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e handle errors when sending messages to vite server (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22450\"\u003e#22450\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217\"\u003ee8e9a34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehtml:\u003c/strong\u003e handle trailing slash paths in transformIndexHtml (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22480\"\u003e#22480\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693\"\u003e5d94d1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e pass oxc jsx options to transformSync in dependency scan                                                            (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22342\"\u003e#22342\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262\"\u003eb3132da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22470\"\u003e#22470\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f\"\u003e7cb728e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove irrelevant commits from changelog (\u003ca href=\"https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086\"\u003e2c69495\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e do not rewrite import path for absolute base (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22310\"\u003e#22310\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302\"\u003e0ae2844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f94df87ff03b40b65e29bacdc04cc18c7bccaa4a\"\u003e\u003ccode\u003ef94df87\u003c/code\u003e\u003c/a\u003e release: v8.0.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003e\u003ccode\u003edc245c7\u003c/code\u003e\u003c/a\u003e fix: reject windows alternate paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572\"\u003e#22572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e\u003ccode\u003e50b9512\u003c/code\u003e\u003c/a\u003e fix(deps): reject UNC paths for launch-editor-middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571\"\u003e#22571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8d1b0195fd186d0b3297d7cd17acff6c96797420\"\u003e\u003ccode\u003e8d1b019\u003c/code\u003e\u003c/a\u003e release: v8.0.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e\u003ccode\u003e2686d7d\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22511\"\u003e#22511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e\u003ccode\u003e3052a67\u003c/code\u003e\u003c/a\u003e chore(deps): update rolldown-related dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22566\"\u003e#22566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003e\u003ccode\u003ee3cfb9d\u003c/code\u003e\u003c/a\u003e fix(optimizer): close the rolldown bundle when write() rejects (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22528\"\u003e#22528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e\u003ccode\u003e6978a9c\u003c/code\u003e\u003c/a\u003e refactor: correct logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22562\"\u003e#22562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e\u003ccode\u003e646dbed\u003c/code\u003e\u003c/a\u003e feat: update rolldown to 1.0.3 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22538\"\u003e#22538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e\u003ccode\u003e85a0eff\u003c/code\u003e\u003c/a\u003e fix: capitalize error messages and remove spurious space in parse error (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22488\"\u003e#22488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v8.0.16/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 2.1.9 to 4.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.8\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eDisable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v4]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10450\"\u003evitest-dev/vitest#10450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b1\"\u003e\u003c!-- raw HTML omitted --\u003e(e4067)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by \u003ca href=\"https://github.com/toxik\"\u003e\u003ccode\u003e@​toxik\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Zelys-DFKH\"\u003e\u003ccode\u003e@​Zelys-DFKH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10474\"\u003evitest-dev/vitest#10474\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/675b4343f\"\u003e\u003c!-- raw HTML omitted --\u003e(675b4)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner\u003c/strong\u003e: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10384\"\u003evitest-dev/vitest#10384\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4f0f2a1ee\"\u003e\u003c!-- raw HTML omitted --\u003e(4f0f2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10138\"\u003evitest-dev/vitest#10138\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607c\"\u003e\u003c!-- raw HTML omitted --\u003e(31882)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGlobal \u003ccode\u003esequence.concurrent: true\u003c/code\u003e with top-level \u003ccode\u003etest(..., { concurrent: false })\u003c/code\u003e + depreacte \u003ccode\u003esequential\u003c/code\u003e test API and options  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eCodex\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10196\"\u003evitest-dev/vitest#10196\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2847dfa2a\"\u003e\u003c!-- raw HTML omitted --\u003e(2847d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Simplify orchestrator otel carrier  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10285\"\u003evitest-dev/vitest#10285\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee\"\u003e\u003c!-- raw HTML omitted --\u003e(18af9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🏎 Performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStringify diff objects only once  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10276\"\u003evitest-dev/vitest#10276\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9f7b1528c\"\u003e\u003c!-- raw HTML omitted --\u003e(9f7b1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Experimental Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Istanbul to support \u003ccode\u003einstrumenter\u003c/code\u003e option  -  by \u003ca href=\"https://github.com/BartWaardenburg\"\u003e\u003ccode\u003e@​BartWaardenburg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10119\"\u003evitest-dev/vitest#10119\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/0e0ff41c7\"\u003e\u003c!-- raw HTML omitted --\u003e(0e0ff)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e--project negation excludes browser instances  -  by \u003ca href=\"https://github.com/felamaslen\"\u003e\u003ccode\u003e@​felamaslen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10131\"\u003evitest-dev/vitest#10131\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9423dc084\"\u003e\u003c!-- raw HTML omitted --\u003e(9423d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProject color label on html reporter  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10142\"\u003evitest-dev/vitest#10142\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/596f73986\"\u003e\u003c!-- raw HTML omitted --\u003e(596f7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003evi.defineHelper\u003c/code\u003e called as object method  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10163\"\u003evitest-dev/vitest#10163\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/122c25b5b\"\u003e\u003c!-- raw HTML omitted --\u003e(122c2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlias \u003ccode\u003eagent\u003c/code\u003e reporter to \u003ccode\u003eminimal\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10157\"\u003evitest-dev/vitest#10157\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/663b99fe3\"\u003e\u003c!-- raw HTML omitted --\u003e(663b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedad\"\u003e\u003c!-- raw HTML omitted --\u003e(9787d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions \u0026quot;  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd\"\u003e\u003c!-- raw HTML omitted --\u003e(7dc6d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003east-collect\u003c/strong\u003e: Recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery  -  by \u003ca href=\"https://github.com/Yejneshwar\"\u003e\u003ccode\u003e@​Yejneshwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10129\"\u003evitest-dev/vitest#10129\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab2\"\u003e\u003c!-- raw HTML omitted --\u003e(32546)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Descriptive error message when reports directory is removed during test run  -  by \u003ca href=\"https://github.com/DaveT1991\"\u003e\u003ccode\u003e@​DaveT1991\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10117\"\u003evitest-dev/vitest#10117\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1413382e1\"\u003e\u003c!-- raw HTML omitted --\u003e(14133)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esnapshot\u003c/strong\u003e: Increase default snapshot max output length  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10150\"\u003evitest-dev/vitest#10150\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/21e66ff63\"\u003e\u003c!-- raw HTML omitted --\u003e(21e66)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eui\u003c/strong\u003e: Fix jsx/tsx syntax highlight  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10152\"\u003evitest-dev/vitest#10152\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f1b1f6c7b\"\u003e\u003c!-- raw HTML omitted --\u003e(f1b1f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-worker\u003c/strong\u003e: Support MessagePort objects referenced inside postMessage data  -  by \u003ca href=\"https://github.com/whitphx\"\u003e\u003ccode\u003e@​whitphx\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6 (1M context)\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9927\"\u003evitest-dev/vitest#9927\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10124\"\u003evitest-dev/vitest#10124\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7ad7d39af\"\u003e\u003c!-- raw HTML omitted --\u003e(7ad7d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Make test-specification options writable  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10154\"\u003evitest-dev/vitest#10154\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6abd557b7\"\u003e\u003c!-- raw HTML omitted --\u003e(6abd5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.4...v4.1.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f\"\u003e\u003ccode\u003ee61f2dd\u003c/code\u003e\u003c/a\u003e chore: release v4.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9\"\u003e\u003ccode\u003ee4067b3\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4\"\u003e\u003ccode\u003ea09d472\u003c/code\u003e\u003c/a\u003e chore: release v4.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1\"\u003e\u003ccode\u003ea8fd24c\u003c/code\u003e\u003c/a\u003e chore: release v4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06\"\u003e\u003ccode\u003e18af98c\u003c/code\u003e\u003c/a\u003e fix(browser): simplify orchestrator otel carrier (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285\"\u003e#10285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857\"\u003e\u003ccode\u003e3188260\u003c/code\u003e\u003c/a\u003e feat(browser): provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e399846850fedf10b8228cbe46a419628998acd9\"\u003e\u003ccode\u003ee399846\u003c/code\u003e\u003c/a\u003e chore: release v4.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd9dda0fe6fee2fb6451d0611a9ecb6e7\"\u003e\u003ccode\u003e7dc6d54\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedade9896a6d3eeed7739177d6c583a68a7\"\u003e\u003ccode\u003e9787ded\u003c/code\u003e\u003c/a\u003e fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab292c45c3ef27aa21ec7da380c307052c\"\u003e\u003ccode\u003e325463a\u003c/code\u003e\u003c/a\u003e fix(ast-collect): recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.18 to 4.12.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(route): preserve the base path of the mounted route() app by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4942\"\u003ehonojs/hono#4942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jsx): widen jsx and jsxFn children to Child[] by \u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.19...v4.12.20\"\u003ehttps://github.com/honojs/hono/compare/v4.12.19...v4.12.20\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.19\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: pin GitHub Actions to SHAs by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4932\"\u003ehonojs/hono#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(serveStatic): make options parameter optional in all adapters by \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4934\"\u003ehonojs/hono#4934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cookie): return the first cookie when there are multiple cookies with the same name by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4922\"\u003ehonojs/hono#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bearer-auth): make bearerAuth generic for typed context in verifyToken by \u003ca href=\"https://github.com/justinnais\"\u003e\u003ccode\u003e@​justinnais\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4913\"\u003ehonojs/hono#4913\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): key cache entries by configured vary headers by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4915\"\u003ehonojs/hono#4915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(request): add \u003ccode\u003ebytes()\u003c/code\u003e by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4921\"\u003ehonojs/hono#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stream): upgrade \u003ccode\u003e@hono/node-server\u003c/code\u003e to v2 and fix abort handling by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4940\"\u003ehonojs/hono#4940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinnais\"\u003e\u003ccode\u003e@​justinnais\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4913\"\u003ehonojs/hono#4913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.18...v4.12.19\"\u003ehttps://github.com/honojs/hono/compare/v4.12.18...v4.12.19\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a83ddb882e0c0b8c336050dba087bb2e1b12488e\"\u003e\u003ccode\u003ea83ddb8\u003c/code\u003e\u003c/a\u003e 4.12.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1\"\u003e\u003ccode\u003e6cbb025\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c831020fb1fa2e929d222f6c84e1abfe013e512b\"\u003e\u003ccode\u003ec831020\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d\"\u003e\u003ccode\u003e905aedb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/5463db2735476959b8af67756f4e513f4fe19115\"\u003e\u003ccode\u003e5463db2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c657a39ccc8d3194d345d9e82c8587bd25b5b6e8\"\u003e\u003ccode\u003ec657a39\u003c/code\u003e\u003c/a\u003e 4.12.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/eb2d0c238adbcee5933d0f8c15f1a65a88f50565\"\u003e\u003ccode\u003eeb2d0c2\u003c/code\u003e\u003c/a\u003e fix(jsx): widen jsx and jsxFn children to Child[] (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/dcabbece347817ef7193439c39d28546b8ac3a85\"\u003e\u003ccode\u003edcabbec\u003c/code\u003e\u003c/a\u003e fix(route): preserve the base path of the mounted route() app (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e62bcd22fa4e8f0e83cb564bac85e32f5434dd3\"\u003e\u003ccode\u003e7e62bcd\u003c/code\u003e\u003c/a\u003e 4.12.19\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/e2f252a8745eb25f06485b8d43e8410bf027c8ef\"\u003e\u003ccode\u003ee2f252a\u003c/code\u003e\u003c/a\u003e fix(stream): upgrade \u003ccode\u003e@hono/node-server\u003c/code\u003e to v2 and fix abort handling (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4940\"\u003e#4940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.18...v4.12.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 2.1.9 to 4.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.8\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eDisable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v4]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10450\"\u003evitest-dev/vitest#10450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b1\"\u003e\u003c!-- raw HTML omitted --\u003e(e4067)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by \u003ca href=\"https://github.com/toxik\"\u003e\u003ccode\u003e@​toxik\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Zelys-DFKH\"\u003e\u003ccode\u003e@​Zelys-DFKH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10474\"\u003evitest-dev/vitest#10474\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/675b4343f\"\u003e\u003c!-- raw HTML omitted --\u003e(675b4)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner\u003c/strong\u003e: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10384\"\u003evitest-dev/vitest#10384\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4f0f2a1ee\"\u003e\u003c!-- raw HTML omitted --\u003e(4f0f2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10138\"\u003evitest-dev/vitest#10138\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607c\"\u003e\u003c!-- raw HTML omitted --\u003e(31882)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGlobal \u003ccode\u003esequence.concurrent: true\u003c/code\u003e with top-level \u003ccode\u003etest(..., { concurrent: false })\u003c/code\u003e + depreacte \u003ccode\u003esequential\u003c/code\u003e test API and options  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eCodex\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10196\"\u003evitest-dev/vitest#10196\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2847dfa2a\"\u003e\u003c!-- raw HTML omitted --\u003e(2847d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Simplify orchestrator otel carrier  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10285\"\u003evitest-dev/vitest#10285\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee\"\u003e\u003c!-- raw HTML omitted --\u003e(18af9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🏎 Performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStringify diff objects only once  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10276\"\u003evitest-dev/vitest#10276\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9f7b1528c\"\u003e\u003c!-- raw HTML omitted --\u003e(9f7b1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Experimental Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Istanbul to support \u003ccode\u003einstrumenter\u003c/code\u003e option  -  by \u003ca href=\"https://github.com/BartWaardenburg\"\u003e\u003ccode\u003e@​BartWaardenburg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10119\"\u003evitest-dev/vitest#10119\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/0e0ff41c7\"\u003e\u003c!-- raw HTML omitted --\u003e(0e0ff)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e--project negation excludes browser instances  -  by \u003ca href=\"https://github.com/felamaslen\"\u003e\u003ccode\u003e@​felamaslen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10131\"\u003evitest-dev/vitest#10131\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9423dc084\"\u003e\u003c!-- raw HTML omitted --\u003e(9423d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProject color label on html reporter  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10142\"\u003evitest-dev/vitest#10142\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/596f73986\"\u003e\u003c!-- raw HTML omitted --\u003e(596f7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003evi.defineHelper\u003c/code\u003e called as object method  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10163\"\u003evitest-dev/vitest#10163\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/122c25b5b\"\u003e\u003c!-- raw HTML omitted --\u003e(122c2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlias \u003ccode\u003eagent\u003c/code\u003e reporter to \u003ccode\u003eminimal\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10157\"\u003evitest-dev/vitest#10157\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/663b99fe3\"\u003e\u003c!-- raw HTML omitted --\u003e(663b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedad\"\u003e\u003c!-- raw HTML omitted --\u003e(9787d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions \u0026quot;  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd\"\u003e\u003c!-- raw HTML omitted --\u003e(7dc6d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003east-collect\u003c/strong\u003e: Recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery  -  by \u003ca href=\"https://github.com/Yejneshwar\"\u003e\u003ccode\u003e@​Yejneshwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10129\"\u003evitest-dev/vitest#10129\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab2\"\u003e\u003c!-- raw HTML omitted --\u003e(32546)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Descriptive error message when reports directory is removed during test run  -  by \u003ca href=\"https://github.com/DaveT1991\"\u003e\u003ccode\u003e@​DaveT1991\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10117\"\u003evitest-dev/vitest#10117\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1413382e1\"\u003e\u003c!-- raw HTML omitted --\u003e(14133)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esnapshot\u003c/strong\u003e: Increase default snapshot max output length  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10150\"\u003evitest-dev/vitest#10150\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/21e66ff63\"\u003e\u003c!-- raw HTML omitted --\u003e(21e66)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eui\u003c/strong\u003e: Fix jsx/tsx syntax highlight  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10152\"\u003evitest-dev/vitest#10152\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f1b1f6c7b\"\u003e\u003c!-- raw HTML omitted --\u003e(f1b1f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-worker\u003c/strong\u003e: Support MessagePort objects referenced inside postMessage data  -  by \u003ca href=\"https://github.com/whitphx\"\u003e\u003ccode\u003e@​whitphx\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6 (1M context)\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9927\"\u003evitest-dev/vitest#9927\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10124\"\u003evitest-dev/vitest#10124\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7ad7d39af\"\u003e\u003c!-- raw HTML omitted --\u003e(7ad7d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Make test-specification options writable  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10154\"\u003evitest-dev/vitest#10154\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6abd557b7\"\u003e\u003c!-- raw HTML omitted --\u003e(6abd5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.4...v4.1.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f\"\u003e\u003ccode\u003ee61f2dd\u003c/code\u003e\u003c/a\u003e chore: release v4.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9\"\u003e\u003ccode\u003ee4067b3\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4\"\u003e\u003ccode\u003ea09d472\u003c/code\u003e\u003c/a\u003e chore: release v4.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1\"\u003e\u003ccode\u003ea8fd24c\u003c/code\u003e\u003c/a\u003e chore: release v4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06\"\u003e\u003ccode\u003e18af98c\u003c/code\u003e\u003c/a\u003e fix(browser): simplify orchestrator otel carrier (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285\"\u003e#10285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857\"\u003e\u003ccode\u003e3188260\u003c/code\u003e\u003c/a\u003e feat(browser): provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e399846850fedf10b8228cbe46a419628998acd9\"\u003e\u003ccode\u003ee399846\u003c/code\u003e\u003c/a\u003e chore: release v4.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd9dda0fe6fee2fb6451d0611a9ecb6e7\"\u003e\u003ccode\u003e7dc6d54\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedade9896a6d3eeed7739177d6c583a68a7\"\u003e\u003ccode\u003e9787ded\u003c/code\u003e\u003c/a\u003e fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab292c45c3ef27aa21ec7da380c307052c\"\u003e\u003ccode\u003e325463a\u003c/code\u003e\u003c/a\u003e fix(ast-collect): recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n...\n\n_Description has been truncated_","html_url":"https://github.com/Solizardking/solana-os-go/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solizardking%2Fsolana-os-go/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4652530410","node_id":"PR_kwDOB9qKT87l7Foe","number":692,"state":"open","title":"build(deps): bump joi from 17.9.2 to 17.13.4","user":"dependabot[bot]","labels":[":ok_hand: code/needs-review",":ok_hand: code/review-requested",":vertical_traffic_light: automerge",":green_heart: checks/passed","dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T20:51:36.000Z","updated_at":"2026-06-12T20:52:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"joi","old_version":"17.9.2","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.9.2 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3cb73d6cded39fa49a46069b64d638a0ba0f7d14\"\u003e\u003ccode\u003e3cb73d6\u003c/code\u003e\u003c/a\u003e 17.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/1653c478486227728942ebd8544bb068448cb814\"\u003e\u003ccode\u003e1653c47\u003c/code\u003e\u003c/a\u003e fix: correct function type in alternatives error (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/7373136d149be0cc727096325f22f748d22aef46\"\u003e\u003ccode\u003e7373136\u003c/code\u003e\u003c/a\u003e 17.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/add65979a3d2f93a08e60824ed1a02e56536fa69\"\u003e\u003ccode\u003eadd6597\u003c/code\u003e\u003c/a\u003e \u003ccode\u003estrictUnknown\u003c/code\u003e should honor local explicit \u003ccode\u003e.unknown(false)\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/0066a4ef16706b722b81818a8608aea1129f4cc7\"\u003e\u003ccode\u003e0066a4e\u003c/code\u003e\u003c/a\u003e 17.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2d260302e75ed50e1f2658887dcd11fcc5b5e05c\"\u003e\u003ccode\u003e2d26030\u003c/code\u003e\u003c/a\u003e fix: label false should also hide explicit labels (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f02df4c011253d3573be19261a45c6765157d054\"\u003e\u003ccode\u003ef02df4c\u003c/code\u003e\u003c/a\u003e 17.13.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.9.2...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.9.2\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/christophehurpeau/alp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/christophehurpeau/alp/pull/692","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/christophehurpeau%2Falp/issues/692","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/692/packages"},{"uuid":"4652347333","node_id":"PR_kwDOAnAy8s7l6fIX","number":510,"state":"closed","title":"chore(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T20:38:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T20:21:36.000Z","updated_at":"2026-06-12T20:38:25.000Z","time_to_close":1007,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gre/gl-react/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gre/gl-react/pull/510","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gre%2Fgl-react/issues/510","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/510/packages"}],"issue_packages":[{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-15T01:10:42.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4661309391","node_id":"PR_kwDOSLP7l87mV5xj","number":105,"state":"open","title":"chore(deps): bump the api-patch-and-minor group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-15T01:10:42.000Z","updated_at":"2026-06-15T01:10:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"api-patch-and-minor","update_count":19,"packages":[{"name":"@opentelemetry/auto-instrumentations-node","old_version":"0.72.0","new_version":"0.77.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js-contrib"},{"name":"@opentelemetry/exporter-trace-otlp-http","old_version":"0.214.0","new_version":"0.219.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"@opentelemetry/sdk-node","old_version":"0.214.0","new_version":"0.219.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"class-validator","old_version":"0.14.4","new_version":"0.15.1","repository_url":"https://github.com/typestack/class-validator"},{"name":"ioredis","old_version":"5.10.0","new_version":"5.11.1","repository_url":"https://github.com/luin/ioredis"},{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"neo4j-driver","old_version":"6.0.1","new_version":"6.1.0","repository_url":"https://github.com/neo4j/neo4j-javascript-driver"},{"name":"pg","old_version":"8.20.0","new_version":"8.21.0","repository_url":"https://github.com/brianc/node-postgres"},{"name":"tree-sitter","old_version":"0.21.1","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/node-tree-sitter"},{"name":"tree-sitter-go","old_version":"0.21.2","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/tree-sitter-go"},{"name":"tree-sitter-java","old_version":"0.21.0","new_version":"0.23.5","repository_url":"https://github.com/tree-sitter/tree-sitter-java"},{"name":"tree-sitter-javascript","old_version":"0.21.4","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/tree-sitter-javascript"},{"name":"tree-sitter-php","old_version":"0.23.0","new_version":"0.24.2","repository_url":"https://github.com/tree-sitter/tree-sitter-php"},{"name":"tree-sitter-python","old_version":"0.21.0","new_version":"0.25.0","repository_url":"https://github.com/tree-sitter/tree-sitter-python"},{"name":"tree-sitter-rust","old_version":"0.21.0","new_version":"0.24.0","repository_url":"https://github.com/tree-sitter/tree-sitter-rust"},{"name":"typeorm","old_version":"0.3.28","new_version":"0.3.30","repository_url":"https://github.com/typeorm/typeorm"},{"name":"@types/node","old_version":"20.19.37","new_version":"20.19.43","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.4","repository_url":"https://github.com/prettier/prettier"},{"name":"ts-jest","old_version":"29.4.6","new_version":"29.4.11","repository_url":"https://github.com/kulshekhar/ts-jest"}],"path":null,"ecosystem":"npm"},"body":"Bumps the api-patch-and-minor group with 19 updates in the /coderover-api directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@opentelemetry/auto-instrumentations-node](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node) | `0.72.0` | `0.77.0` |\n| [@opentelemetry/exporter-trace-otlp-http](https://github.com/open-telemetry/opentelemetry-js) | `0.214.0` | `0.219.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.214.0` | `0.219.0` |\n| [class-validator](https://github.com/typestack/class-validator) | `0.14.4` | `0.15.1` |\n| [ioredis](https://github.com/luin/ioredis) | `5.10.0` | `5.11.1` |\n| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |\n| [neo4j-driver](https://github.com/neo4j/neo4j-javascript-driver) | `6.0.1` | `6.1.0` |\n| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.21.0` |\n| [tree-sitter](https://github.com/tree-sitter/node-tree-sitter) | `0.21.1` | `0.25.0` |\n| [tree-sitter-go](https://github.com/tree-sitter/tree-sitter-go) | `0.21.2` | `0.25.0` |\n| [tree-sitter-java](https://github.com/tree-sitter/tree-sitter-java) | `0.21.0` | `0.23.5` |\n| [tree-sitter-javascript](https://github.com/tree-sitter/tree-sitter-javascript) | `0.21.4` | `0.25.0` |\n| [tree-sitter-php](https://github.com/tree-sitter/tree-sitter-php) | `0.23.0` | `0.24.2` |\n| [tree-sitter-python](https://github.com/tree-sitter/tree-sitter-python) | `0.21.0` | `0.25.0` |\n| [tree-sitter-rust](https://github.com/tree-sitter/tree-sitter-rust) | `0.21.0` | `0.24.0` |\n| [typeorm](https://github.com/typeorm/typeorm) | `0.3.28` | `0.3.30` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.37` | `20.19.43` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.4` |\n| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.11` |\n\n\nUpdates `@opentelemetry/auto-instrumentations-node` from 0.72.0 to 0.77.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/auto-instrumentations-node/CHANGELOG.md\"\u003e@​opentelemetry/auto-instrumentations-node's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/compare/auto-instrumentations-node-v0.76.0...auto-instrumentations-node-v0.77.0\"\u003e0.77.0\u003c/a\u003e (2026-06-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e@​opentelemetry/instrumentation-host-metrics\u003c/code\u003e and integrate into auto-instrumentations-node (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3492\"\u003e#3492\u003c/a\u003e) (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/16bee31051d92e8add717a798c967147a84eb7b6\"\u003e16bee31\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update deps matching '@opentelemetry/*' (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3567\"\u003e#3567\u003c/a\u003e) (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/bd569b54fbdbf4e7bb915c43ff7c6e88ab451738\"\u003ebd569b5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe following workspace dependencies were updated\n\u003cul\u003e\n\u003cli\u003edependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-amqplib\u003c/code\u003e bumped from ^0.65.0 to ^0.66.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-aws-lambda\u003c/code\u003e bumped from ^0.70.0 to ^0.71.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-aws-sdk\u003c/code\u003e bumped from ^0.73.0 to ^0.74.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-bunyan\u003c/code\u003e bumped from ^0.63.0 to ^0.64.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-cassandra-driver\u003c/code\u003e bumped from ^0.63.0 to ^0.64.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-connect\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-cucumber\u003c/code\u003e bumped from ^0.34.0 to ^0.35.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-dataloader\u003c/code\u003e bumped from ^0.35.0 to ^0.36.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-dns\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-express\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-fs\u003c/code\u003e bumped from ^0.37.0 to ^0.38.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-generic-pool\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-graphql\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-hapi\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-host-metrics\u003c/code\u003e bumped from ^0.1.0 to ^0.2.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-ioredis\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-kafkajs\u003c/code\u003e bumped from ^0.27.0 to ^0.28.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-knex\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-koa\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-lru-memoizer\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-memcached\u003c/code\u003e bumped from ^0.61.0 to ^0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mongodb\u003c/code\u003e bumped from ^0.71.0 to ^0.72.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mongoose\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mysql\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-mysql2\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-nestjs-core\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-net\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-openai\u003c/code\u003e bumped from ^0.16.0 to ^0.17.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-oracledb\u003c/code\u003e bumped from ^0.43.0 to ^0.44.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-pg\u003c/code\u003e bumped from ^0.70.0 to ^0.71.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-pino\u003c/code\u003e bumped from ^0.64.0 to ^0.65.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-redis\u003c/code\u003e bumped from ^0.66.0 to ^0.67.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-restify\u003c/code\u003e bumped from ^0.63.0 to ^0.64.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-router\u003c/code\u003e bumped from ^0.62.0 to ^0.63.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-runtime-node\u003c/code\u003e bumped from ^0.31.0 to ^0.32.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-socket\u003c/code\u003e.io bumped from ^0.65.0 to ^0.66.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​opentelemetry/instrumentation-tedious\u003c/code\u003e bumped from ^0.37.0 to ^0.38.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/4e52a9053029304f271b7dbe1b07e7fb2b987e30\"\u003e\u003ccode\u003e4e52a90\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3524\"\u003e#3524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/bd569b54fbdbf4e7bb915c43ff7c6e88ab451738\"\u003e\u003ccode\u003ebd569b5\u003c/code\u003e\u003c/a\u003e feat(deps): update deps matching '@opentelemetry/*' (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3567\"\u003e#3567\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/16bee31051d92e8add717a798c967147a84eb7b6\"\u003e\u003ccode\u003e16bee31\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003e@​opentelemetry/instrumentation-host-metrics\u003c/code\u003e and integrate into auto...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/15ef7506553f631ea4181391e0c5725a56f0d082\"\u003e\u003ccode\u003e15ef750\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3508\"\u003e#3508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commit/e26a90af6e2fb4666b22388b770add7a60140c9b\"\u003e\u003ccode\u003ee26a90a\u003c/code\u003e\u003c/a\u003e feat(deps): update deps matching '@opentelemetry/*' (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node/issues/3523\"\u003e#3523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js-contrib/commits/auto-instrumentations-node-v0.77.0/packages/auto-instrumentations-node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-trace-otlp-http` from 0.214.0 to 0.219.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-trace-otlp-http's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.219.0\u003c/h2\u003e\n\u003ch2\u003e0.219.0\u003c/h2\u003e\n\u003ch3\u003e:boom: Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration)!: stop removing \u003ccode\u003enull\u003c/code\u003e values from parsed config object \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6679\"\u003e#6679\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIt is now the responsibility of the user of a parsed declarative config object, typically just the \u003ccode\u003esdk-node\u003c/code\u003e package, to handle \u003ccode\u003enull\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix(api-logs)!: Removed \u003ccode\u003eNOOP_LOGGER\u003c/code\u003e and \u003ccode\u003eNoopLogger\u003c/code\u003e exports from \u003ccode\u003e@opentelemetry/api-logs\u003c/code\u003e. Use \u003ccode\u003ecreateNoopLogger(): Logger\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6713\"\u003e#6713\u003c/a\u003e \u003ca href=\"https://github.com/dyladan\"\u003e\u003ccode\u003e@​dyladan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node)!: remove \u003ccode\u003ebuildSamplerFromConfig\u003c/code\u003e export \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6784\"\u003e#6784\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire up metric producers from declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6712\"\u003e#6712\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-logs)!: add support for attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(sdk-node): pass all config properties to log record exporters in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6708\"\u003e#6708\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): warn and ignore zero exporter timeout in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6711\"\u003e#6711\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6705\"\u003e#6705\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-transformer): do not attempt to skip groups \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6704\"\u003e#6704\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-grpc-exporter-base): recreate client after 5 consecutive \u003ccode\u003eDEADLINE_EXCEEDED\u003c/code\u003e to recover from connection dropped deadlock \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6296\"\u003e#6296\u003c/a\u003e \u003ca href=\"https://github.com/afharo\"\u003e\u003ccode\u003e@​afharo\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): use the right semantic convention for user agent resource attribute \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6729\"\u003e#6729\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): user agent resource attribute always \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6754\"\u003e#6754\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6727\"\u003e#6727\u003c/a\u003e \u003ca href=\"https://github.com/cjihrig\"\u003e\u003ccode\u003e@​cjihrig\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-logs): avoid null dereference in \u003ccode\u003eBatchLogRecordProcessor._flushAll\u003c/code\u003e when an in-flight export completes between awaits \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6763\"\u003e#6763\u003c/a\u003e \u003ca href=\"https://github.com/Janealter\"\u003e\u003ccode\u003e@​Janealter\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve environment variable substitution to handle all the cases shown in the spec \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6757\"\u003e#6757\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:books: Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs(otlp-exporter-base): index the package's public API in generated docs so types like \u003ccode\u003eOTLPExporterNodeConfigBase\u003c/code\u003e resolve and link from consumer exporter pages \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6725\"\u003e#6725\u003c/a\u003e \u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6710\"\u003e#6710\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/13a035bc695996cf4aec885fef7b9866f48bc555\"\u003e\u003ccode\u003e13a035b\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6756\"\u003e#6756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/4b13587d1e08b47baf153e5312ccd08a3240d074\"\u003e\u003ccode\u003e4b13587\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/71d195c508320295f1892aaed1ee2f1971ffb470\"\u003e\u003ccode\u003e71d195c\u003c/code\u003e\u003c/a\u003e chore(renovate): set minimumReleaseAge to 3 days (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6792\"\u003e#6792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/555fca6ce94fb8d40a5f869dbd28e43143b4e730\"\u003e\u003ccode\u003e555fca6\u003c/code\u003e\u003c/a\u003e Update renovate.json to use matchManagers (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6141\"\u003e#6141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b711a81d5262904245d70f1857b6f3bc811b22cd\"\u003e\u003ccode\u003eb711a81\u003c/code\u003e\u003c/a\u003e docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/da704029ccd291d65402f3d1c469bd3f25aec047\"\u003e\u003ccode\u003eda70402\u003c/code\u003e\u003c/a\u003e fix(ci): supply-chain sec: disable caching in release-related workflow (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6790\"\u003e#6790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/002267b1c639aac1d2f1d6e5c7ac3ed023109ea0\"\u003e\u003ccode\u003e002267b\u003c/code\u003e\u003c/a\u003e chore: complete the move to the smaller SPDX license header (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6791\"\u003e#6791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/056ef9c4e1ddf9306477b7ce26acc7be489f9c6c\"\u003e\u003ccode\u003e056ef9c\u003c/code\u003e\u003c/a\u003e feat(sdk-metrics): implement metric reader metrics (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6449\"\u003e#6449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/3bd69ce18011f9a16a7231489d9c3acc8294e8d9\"\u003e\u003ccode\u003e3bd69ce\u003c/code\u003e\u003c/a\u003e fix(configuration): improve environment variable substitution to handle all t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/bfbda7c2d90e1686f51cd0fc4d02d785ab9a9cc0\"\u003e\u003ccode\u003ebfbda7c\u003c/code\u003e\u003c/a\u003e docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.214.0...experimental/v0.219.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.214.0 to 0.219.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.219.0\u003c/h2\u003e\n\u003ch2\u003e0.219.0\u003c/h2\u003e\n\u003ch3\u003e:boom: Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration)!: stop removing \u003ccode\u003enull\u003c/code\u003e values from parsed config object \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6679\"\u003e#6679\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIt is now the responsibility of the user of a parsed declarative config object, typically just the \u003ccode\u003esdk-node\u003c/code\u003e package, to handle \u003ccode\u003enull\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix(api-logs)!: Removed \u003ccode\u003eNOOP_LOGGER\u003c/code\u003e and \u003ccode\u003eNoopLogger\u003c/code\u003e exports from \u003ccode\u003e@opentelemetry/api-logs\u003c/code\u003e. Use \u003ccode\u003ecreateNoopLogger(): Logger\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6713\"\u003e#6713\u003c/a\u003e \u003ca href=\"https://github.com/dyladan\"\u003e\u003ccode\u003e@​dyladan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node)!: remove \u003ccode\u003ebuildSamplerFromConfig\u003c/code\u003e export \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6784\"\u003e#6784\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire up metric producers from declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6712\"\u003e#6712\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-logs)!: add support for attributes in LoggerOptions \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6573\"\u003e#6573\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(sdk-node): pass all config properties to log record exporters in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6708\"\u003e#6708\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): warn and ignore zero exporter timeout in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6711\"\u003e#6711\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6705\"\u003e#6705\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-transformer): do not attempt to skip groups \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6704\"\u003e#6704\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-grpc-exporter-base): recreate client after 5 consecutive \u003ccode\u003eDEADLINE_EXCEEDED\u003c/code\u003e to recover from connection dropped deadlock \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6296\"\u003e#6296\u003c/a\u003e \u003ca href=\"https://github.com/afharo\"\u003e\u003ccode\u003e@​afharo\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): use the right semantic convention for user agent resource attribute \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6729\"\u003e#6729\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(browser-detector): user agent resource attribute always \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6754\"\u003e#6754\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6727\"\u003e#6727\u003c/a\u003e \u003ca href=\"https://github.com/cjihrig\"\u003e\u003ccode\u003e@​cjihrig\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-logs): avoid null dereference in \u003ccode\u003eBatchLogRecordProcessor._flushAll\u003c/code\u003e when an in-flight export completes between awaits \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6763\"\u003e#6763\u003c/a\u003e \u003ca href=\"https://github.com/Janealter\"\u003e\u003ccode\u003e@​Janealter\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve environment variable substitution to handle all the cases shown in the spec \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6757\"\u003e#6757\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:books: Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs(otlp-exporter-base): index the package's public API in generated docs so types like \u003ccode\u003eOTLPExporterNodeConfigBase\u003c/code\u003e resolve and link from consumer exporter pages \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6725\"\u003e#6725\u003c/a\u003e \u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6710\"\u003e#6710\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/13a035bc695996cf4aec885fef7b9866f48bc555\"\u003e\u003ccode\u003e13a035b\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6756\"\u003e#6756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/4b13587d1e08b47baf153e5312ccd08a3240d074\"\u003e\u003ccode\u003e4b13587\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/71d195c508320295f1892aaed1ee2f1971ffb470\"\u003e\u003ccode\u003e71d195c\u003c/code\u003e\u003c/a\u003e chore(renovate): set minimumReleaseAge to 3 days (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6792\"\u003e#6792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/555fca6ce94fb8d40a5f869dbd28e43143b4e730\"\u003e\u003ccode\u003e555fca6\u003c/code\u003e\u003c/a\u003e Update renovate.json to use matchManagers (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6141\"\u003e#6141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b711a81d5262904245d70f1857b6f3bc811b22cd\"\u003e\u003ccode\u003eb711a81\u003c/code\u003e\u003c/a\u003e docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/da704029ccd291d65402f3d1c469bd3f25aec047\"\u003e\u003ccode\u003eda70402\u003c/code\u003e\u003c/a\u003e fix(ci): supply-chain sec: disable caching in release-related workflow (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6790\"\u003e#6790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/002267b1c639aac1d2f1d6e5c7ac3ed023109ea0\"\u003e\u003ccode\u003e002267b\u003c/code\u003e\u003c/a\u003e chore: complete the move to the smaller SPDX license header (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6791\"\u003e#6791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/056ef9c4e1ddf9306477b7ce26acc7be489f9c6c\"\u003e\u003ccode\u003e056ef9c\u003c/code\u003e\u003c/a\u003e feat(sdk-metrics): implement metric reader metrics (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6449\"\u003e#6449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/3bd69ce18011f9a16a7231489d9c3acc8294e8d9\"\u003e\u003ccode\u003e3bd69ce\u003c/code\u003e\u003c/a\u003e fix(configuration): improve environment variable substitution to handle all t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/bfbda7c2d90e1686f51cd0fc4d02d785ab9a9cc0\"\u003e\u003ccode\u003ebfbda7c\u003c/code\u003e\u003c/a\u003e docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.214.0...experimental/v0.219.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `class-validator` from 0.14.4 to 0.15.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typestack/class-validator/releases\"\u003eclass-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: publish 0.15.0 for real by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2671\"\u003etypestack/class-validator#2671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: publish 0.15.1 by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2672\"\u003etypestack/class-validator#2672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/typestack/class-validator/compare/v0.15.0...v0.15.1\"\u003ehttps://github.com/typestack/class-validator/compare/v0.15.0...v0.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.15.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add \u003ccode\u003eIsISO31661Numeric\u003c/code\u003e decorator for country codes by \u003ca href=\"https://github.com/RobinvanderVliet\"\u003e\u003ccode\u003e@​RobinvanderVliet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2657\"\u003etypestack/class-validator#2657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: \u003ccode\u003evalidateIf\u003c/code\u003e for validation options by \u003ca href=\"https://github.com/aoi-umi\"\u003e\u003ccode\u003e@​aoi-umi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/1579\"\u003etypestack/class-validator#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: update UUID validation to support versions 1-8, nil, max, and all by \u003ca href=\"https://github.com/PleBea\"\u003e\u003ccode\u003e@​PleBea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2647\"\u003etypestack/class-validator#2647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump vulnerable dependencies by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2669\"\u003etypestack/class-validator#2669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eisISO6391\u003c/code\u003e decorator for language codes by \u003ca href=\"https://github.com/RobinvanderVliet\"\u003e\u003ccode\u003e@​RobinvanderVliet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2626\"\u003etypestack/class-validator#2626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(IsIBAN)!: Add \u003ccode\u003eIsIBANOptions\u003c/code\u003e as argument for \u003ccode\u003eIsIBAN\u003c/code\u003e decorator by \u003ca href=\"https://github.com/LiiaMenke\"\u003e\u003ccode\u003e@​LiiaMenke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2618\"\u003etypestack/class-validator#2618\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix small grammatical error in README.md by \u003ca href=\"https://github.com/igorrocha\"\u003e\u003ccode\u003e@​igorrocha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2596\"\u003etypestack/class-validator#2596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: release 0.15.0 by \u003ca href=\"https://github.com/braaar\"\u003e\u003ccode\u003e@​braaar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2670\"\u003etypestack/class-validator#2670\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RobinvanderVliet\"\u003e\u003ccode\u003e@​RobinvanderVliet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2657\"\u003etypestack/class-validator#2657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aoi-umi\"\u003e\u003ccode\u003e@​aoi-umi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/1579\"\u003etypestack/class-validator#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PleBea\"\u003e\u003ccode\u003e@​PleBea\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2647\"\u003etypestack/class-validator#2647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LiiaMenke\"\u003e\u003ccode\u003e@​LiiaMenke\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2618\"\u003etypestack/class-validator#2618\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/igorrocha\"\u003e\u003ccode\u003e@​igorrocha\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2596\"\u003etypestack/class-validator#2596\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/typestack/class-validator/compare/v0.14.4...v0.15.0\"\u003ehttps://github.com/typestack/class-validator/compare/v0.14.4...v0.15.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typestack/class-validator/blob/develop/CHANGELOG.md\"\u003eclass-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/typestack/class-validator/compare/v0.14.4...v0.15.1\"\u003e0.15.1\u003c/a\u003e (2026-02-26)\u003c/h2\u003e\n\u003ch3\u003eBREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded options argument to IsIBAN validator (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2618\"\u003e#2618\u003c/a\u003e), which breaks any existing usage of this decorator that pass an argument to the decorator, e.g. \u003ccode\u003e@IsIBAN({forbidUnknownValues: false})\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated lockfile to patch vulnerabilities (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2669\"\u003e#2669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a small grammatical error in the docs (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2596\"\u003e#2596\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003evalidateIf\u003c/code\u003e option to all validators, providing a lot more flexibility in using conditional validation (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded IsISO31661Numeric validator for country codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2657\"\u003e#2657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded IsISO6391 validator for language codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2626\"\u003e#2626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded more versions to IsUUID validator options. (\u003ca href=\"https://redirect.github.com/typestack/class-validator/pull/2647\"\u003e#2647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/2e1a5c27dbd65b80e27fe96b49bd6e6641fa3603\"\u003e\u003ccode\u003e2e1a5c2\u003c/code\u003e\u003c/a\u003e chore: publish 0.15.1 (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2672\"\u003e#2672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/737d2a7d7e40e4f4b4e994ad73bffe880bbe8f5c\"\u003e\u003ccode\u003e737d2a7\u003c/code\u003e\u003c/a\u003e chore: publish 0.15.0 (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2671\"\u003e#2671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/8bc5f961cd31c4965e532a7867ed3ed2a90516db\"\u003e\u003ccode\u003e8bc5f96\u003c/code\u003e\u003c/a\u003e chore: release 0.15.0 (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2670\"\u003e#2670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/dc41588b82f83544b58216d111af1bfcf6ddd5a6\"\u003e\u003ccode\u003edc41588\u003c/code\u003e\u003c/a\u003e fix small grammatical error in README.md (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2596\"\u003e#2596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/2c0ff5325852f8f8bdeb30377c13ce7c3aec7328\"\u003e\u003ccode\u003e2c0ff53\u003c/code\u003e\u003c/a\u003e feat(IsIBAN): Add IsIBANOptions as argument for IsIBAN decorator (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2618\"\u003e#2618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/e0eaa02e4afd697a3441d2f92fa23fcf6d38fb9b\"\u003e\u003ccode\u003ee0eaa02\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eisISO6391\u003c/code\u003e decorator for language codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2626\"\u003e#2626\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/a8b2f6e8b785cba423af9b9c5654543a188cf1ee\"\u003e\u003ccode\u003ea8b2f6e\u003c/code\u003e\u003c/a\u003e chore: bump vulnerable dependencies (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2669\"\u003e#2669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/35e589d22afc8cf4e65886001c67f6f6e6cf0e90\"\u003e\u003ccode\u003e35e589d\u003c/code\u003e\u003c/a\u003e feat: update UUID validation to support versions 1-8, nil, max, and all (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2647\"\u003e#2647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/042fb5783e2cc4255aa6296f102c348f25a759ca\"\u003e\u003ccode\u003e042fb57\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003evalidateIf\u003c/code\u003e to validation options (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typestack/class-validator/commit/4fcad7b629b04f4ba343ffb91cbcb9f01a1e2f5a\"\u003e\u003ccode\u003e4fcad7b\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eIsISO31661Numeric\u003c/code\u003e decorator for country codes (\u003ca href=\"https://redirect.github.com/typestack/class-validator/issues/2657\"\u003e#2657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typestack/class-validator/compare/v0.14.4...v0.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ioredis` from 5.10.0 to 5.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/luin/ioredis/releases\"\u003eioredis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.11.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.11.0...v5.11.1\"\u003e5.11.1\u003c/a\u003e (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e reconnect to nodes that restart without slot changes (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2096\"\u003e#2096\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/c84b2ee97fd7b25d8f6ef8b509c228a602f47cca\"\u003ec84b2ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eparse protocol-relative Redis URLs as TCP connections (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2125\"\u003e#2125\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/131ee24173380b986e62ecc428ddde82be12bc40\"\u003e131ee24\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.11.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.1...v5.11.0\"\u003e5.11.0\u003c/a\u003e (2026-05-26)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent RangeError from string accumulation in pipeline (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2088\"\u003e#2088\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/defc07716a9ef10c2077ec4e23ea48cb9ea731fc\"\u003edefc077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated url.parse() with WHATWG URL API (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2081\"\u003e#2081\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0021a4590e286aabbf27f4e2fc18f9d2de829ef0\"\u003e0021a45\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/redis/ioredis/issues/1747\"\u003eredis/ioredis#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd array commands, typings and tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2114\"\u003e#2114\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/baf68d6d89553672cfac3e08543467b910b561c5\"\u003ebaf68d6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd increx command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2115\"\u003e#2115\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/37d0695b212d865ef24132acff85420ae51dde50\"\u003e37d0695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Redis MSETEX support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2111\"\u003e#2111\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/04a4615e8e96b9c58d017e360b5eaafede8973d0\"\u003e04a4615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd typed GCRA command support and functional tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2094\"\u003e#2094\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/468a8023cd2c8f342ec7c55a01bf0c8d17e4b877\"\u003e468a802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd vector set command support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2116\"\u003e#2116\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/b7b3defbd119d07fb86d071d5eefc255db4920c2\"\u003eb7b3def\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd xnack command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2103\"\u003e#2103\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/187d29b45000ee46a4baa8ce91eacfa04675aee8\"\u003e187d29b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd zinter zunion count (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2104\"\u003e#2104\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0d510bbc1cfc8b01d862b76c408f6687f6e77809\"\u003e0d510bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003eTracingChannel\u003c/code\u003e support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2089\"\u003e#2089\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4760e0a19c194f29f4feb703003dcf046e4509cd\"\u003e4760e0a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.10.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.0...v5.10.1\"\u003e5.10.1\u003c/a\u003e (2026-03-19)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e lazily start sharded subscribers (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2090\"\u003e#2090\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4f167bb9f494f0e8200a20dedd8bbdf1810fcd22\"\u003e4f167bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/redis/ioredis/blob/main/CHANGELOG.md\"\u003eioredis's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.11.0...v5.11.1\"\u003e5.11.1\u003c/a\u003e (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e reconnect to nodes that restart without slot changes (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2096\"\u003e#2096\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/c84b2ee97fd7b25d8f6ef8b509c228a602f47cca\"\u003ec84b2ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eparse protocol-relative Redis URLs as TCP connections (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2125\"\u003e#2125\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/131ee24173380b986e62ecc428ddde82be12bc40\"\u003e131ee24\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.1...v5.11.0\"\u003e5.11.0\u003c/a\u003e (2026-05-26)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent RangeError from string accumulation in pipeline (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2088\"\u003e#2088\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/defc07716a9ef10c2077ec4e23ea48cb9ea731fc\"\u003edefc077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereplace deprecated url.parse() with WHATWG URL API (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2081\"\u003e#2081\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0021a4590e286aabbf27f4e2fc18f9d2de829ef0\"\u003e0021a45\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/redis/ioredis/issues/1747\"\u003eredis/ioredis#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd array commands, typings and tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2114\"\u003e#2114\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/baf68d6d89553672cfac3e08543467b910b561c5\"\u003ebaf68d6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd increx command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2115\"\u003e#2115\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/37d0695b212d865ef24132acff85420ae51dde50\"\u003e37d0695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Redis MSETEX support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2111\"\u003e#2111\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/04a4615e8e96b9c58d017e360b5eaafede8973d0\"\u003e04a4615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd typed GCRA command support and functional tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2094\"\u003e#2094\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/468a8023cd2c8f342ec7c55a01bf0c8d17e4b877\"\u003e468a802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd vector set command support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2116\"\u003e#2116\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/b7b3defbd119d07fb86d071d5eefc255db4920c2\"\u003eb7b3def\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd xnack command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2103\"\u003e#2103\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/187d29b45000ee46a4baa8ce91eacfa04675aee8\"\u003e187d29b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd zinter zunion count (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2104\"\u003e#2104\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/0d510bbc1cfc8b01d862b76c408f6687f6e77809\"\u003e0d510bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003eTracingChannel\u003c/code\u003e support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2089\"\u003e#2089\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4760e0a19c194f29f4feb703003dcf046e4509cd\"\u003e4760e0a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.0...v5.10.1\"\u003e5.10.1\u003c/a\u003e (2026-03-19)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecluster:\u003c/strong\u003e lazily start sharded subscribers (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2090\"\u003e#2090\u003c/a\u003e) (\u003ca href=\"https://github.com/luin/ioredis/commit/4f167bb9f494f0e8200a20dedd8bbdf1810fcd22\"\u003e4f167bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/fb224a7609b6d25959e06e31fdab2460d1f75691\"\u003e\u003ccode\u003efb224a7\u003c/code\u003e\u003c/a\u003e chore(release): 5.11.1 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/131ee24173380b986e62ecc428ddde82be12bc40\"\u003e\u003ccode\u003e131ee24\u003c/code\u003e\u003c/a\u003e fix: parse protocol-relative Redis URLs as TCP connections (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/c84b2ee97fd7b25d8f6ef8b509c228a602f47cca\"\u003e\u003ccode\u003ec84b2ee\u003c/code\u003e\u003c/a\u003e fix(cluster): reconnect to nodes that restart without slot changes (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2096\"\u003e#2096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/14904327fc212d1f592172d776ebe45178fb7ee7\"\u003e\u003ccode\u003e1490432\u003c/code\u003e\u003c/a\u003e chore(release): 5.11.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/5359d4d090c17f2ca1e86d92b139cd935ba4643d\"\u003e\u003ccode\u003e5359d4d\u003c/code\u003e\u003c/a\u003e refactor(utils): inline defaults and isArguments helpers (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/b7b3defbd119d07fb86d071d5eefc255db4920c2\"\u003e\u003ccode\u003eb7b3def\u003c/code\u003e\u003c/a\u003e feat: add vector set command support (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2116\"\u003e#2116\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/faa53fdfae7f605c19bd74564639640f9d30d404\"\u003e\u003ccode\u003efaa53fd\u003c/code\u003e\u003c/a\u003e ci: update Node.js and Redis test matrix (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2119\"\u003e#2119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/37d0695b212d865ef24132acff85420ae51dde50\"\u003e\u003ccode\u003e37d0695\u003c/code\u003e\u003c/a\u003e feat: add increx command (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/612ee9dfe96c1df942eaa415ca94881077191b5c\"\u003e\u003ccode\u003e612ee9d\u003c/code\u003e\u003c/a\u003e chore: update Redis 8.8 test image to custom (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2118\"\u003e#2118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/ioredis/commit/baf68d6d89553672cfac3e08543467b910b561c5\"\u003e\u003ccode\u003ebaf68d6\u003c/code\u003e\u003c/a\u003e feat: add array commands, typings and tests (\u003ca href=\"https://redirect.github.com/luin/ioredis/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/luin/ioredis/compare/v5.10.0...v5.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 17.13.3 to 17.13.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `neo4j-driver` from 6.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/releases\"\u003eneo4j-driver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003cp\u003eIntroduces the full, stabilized version of Object Mapping, as well as very simple retries that should make \u003ccode\u003eSession.run()\u003c/code\u003e handle rate-limiting on Aura more gracefully. Alongside a number of minor fixes.\u003c/p\u003e\n\u003ch4\u003e⭐ New Features\u003c/h4\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003eStabilized Record Object Mapping and introduced Parameter Object Mapping. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1362\"\u003e#1362\u003c/a\u003e \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1407\"\u003e#1407\u003c/a\u003e NOTE: A usage guide can be found in the PR description on \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1407\"\u003e#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd single-shot retry for Idempotent errors on \u003ccode\u003eSession.run()\u003c/code\u003e, these will currently only trigger on errors caused by Aura rate-limiting. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🔧 Fixes\u003c/h4\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect TypeScript exports for Record Object Mapping. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1359\"\u003e#1359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove error message for starting work on a busy session. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1363\"\u003e#1363\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix error handling for unexpected errors in Authentication Provider. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1366\"\u003e#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix issue causing SNI deprecation warnings when correcting to an IP. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1369\"\u003e#1369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEagerly send discard on close if connection is waiting to pull more, solves issue related to corner-case missuse that could make the driver release an unclean connection to the pool. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1403\"\u003e#1403\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not mark Result as consumed when \u003ccode\u003eResult.keys()\u003c/code\u003e is awaited. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1402\"\u003e#1402\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🧹 Housekeeping\u003c/h4\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eSession.run()\u003c/code\u003e docs with warnings on the auto-commit nature of the function. \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1389\"\u003e#1389\u003c/a\u003e \u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1390\"\u003e#1390\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs reference to dbms.setTXMetaData which is renamed to tx.setMetaData.\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/pull/1408\"\u003e#1408\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/81f7d820a3020d338a2e74fc5534e7ed9213e9fd\"\u003e\u003ccode\u003e81f7d82\u003c/code\u003e\u003c/a\u003e bump deno to 6.1.0 (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1421\"\u003e#1421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/a06109cbf5625bf31b29c15305d8127f449441bb\"\u003e\u003ccode\u003ea06109c\u003c/code\u003e\u003c/a\u003e Pre-release changes to Object Mapping (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1407\"\u003e#1407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/2595d6792634dac69d8aa5fa1b952e972eec32ae\"\u003e\u003ccode\u003e2595d67\u003c/code\u003e\u003c/a\u003e Update docs reference to dbms.setTXMetaData (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1408\"\u003e#1408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/18c681aee1f2abaa8abb08f9cbb6c5601d37e4fe\"\u003e\u003ccode\u003e18c681a\u003c/code\u003e\u003c/a\u003e Result.close() send discard directly if waiting for more (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1403\"\u003e#1403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/a98f9c5ad7df356031bcd9cc1a0b77989c5b2713\"\u003e\u003ccode\u003ea98f9c5\u003c/code\u003e\u003c/a\u003e Add retries for idempotent errors on Session.run() (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1404\"\u003e#1404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/d88417126800a8d92062f42d474b1fbddc472742\"\u003e\u003ccode\u003ed884171\u003c/code\u003e\u003c/a\u003e Development Dependency updates and tightening security (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1405\"\u003e#1405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/6714eba432cf5817f3ddd0e2ca6a1adab49d6cab\"\u003e\u003ccode\u003e6714eba\u003c/code\u003e\u003c/a\u003e Fix error piping in gulpfile (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1406\"\u003e#1406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/2caa88a624fe7e266abc8d95853d2810bc297786\"\u003e\u003ccode\u003e2caa88a\u003c/code\u003e\u003c/a\u003e Expand Record Object Mapping to allow Parameter Mapping (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1362\"\u003e#1362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/6357e659abb1f2581b7ca1777a0777b046721233\"\u003e\u003ccode\u003e6357e65\u003c/code\u003e\u003c/a\u003e do not add \u0026quot;onCompleted\u0026quot; on keys observer (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1402\"\u003e#1402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/commit/1ec186ae47d989bf247d038a0f9c9960c135111d\"\u003e\u003ccode\u003e1ec186a\u003c/code\u003e\u003c/a\u003e TestKit backend: fix BigInt serialization (\u003ca href=\"https://redirect.github.com/neo4j/neo4j-javascript-driver/issues/1397\"\u003e#1397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/neo4j/neo4j-javascript-driver/compare/6.0.1...6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pg` from 8.20.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md\"\u003epg's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epg@8.21.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3521\"\u003eSASL SCRAM\u003c/a\u003e server error responses properly.\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3667\"\u003enode@26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003escramMaxIterations\u003c/code\u003e \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3677\"\u003econfig option\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eclient.getTransactionStatus()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/brianc/node-postgres/pull/3645\"\u003emethod\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/544b1ce8152bc280e398dc1e8a66920abe6a640e\"\u003e\u003ccode\u003e544b1ce\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/cc03fa5cdf0f1e67b2518ebad5cf2269206aa49c\"\u003e\u003ccode\u003ecc03fa5\u003c/code\u003e\u003c/a\u003e Add scramMaxIterations option to limit SCRAM iteration count (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/f776327b3fcdd997c67e866ef7c620ef9c26b3f2\"\u003e\u003ccode\u003ef776327\u003c/code\u003e\u003c/a\u003e Remove compatibility code for unsupported versions of Node (\u0026lt;16) (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3678\"\u003e#3678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/f252870eba73c15449b57562e6698b5859e32095\"\u003e\u003ccode\u003ef252870\u003c/code\u003e\u003c/a\u003e cleanup: pg utils (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/c8da6ab9326d93005e6947217cf665f707e08ec7\"\u003e\u003ccode\u003ec8da6ab\u003c/code\u003e\u003c/a\u003e Assorted test cleanup (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/fa47e73349786c2a76db98801d60c05371b0a906\"\u003e\u003ccode\u003efa47e73\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003eClient#end\u003c/code\u003e callback being called multiple times when first is no-op (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/88a7e60c7191ce8061d6276b299895bf5511e042\"\u003e\u003ccode\u003e88a7e60\u003c/code\u003e\u003c/a\u003e cleanup: Move declaration to more natural place\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/2095247a7b10ebe19cd7d518e07ee2f259dda70a\"\u003e\u003ccode\u003e2095247\u003c/code\u003e\u003c/a\u003e cleanup: Combine duplicated code in \u003ccode\u003eClient#query\u003c/code\u003e and avoid unneeded early n...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/0ac3eddef6481f4e4f9359c65d3c0cfd7d2124e1\"\u003e\u003ccode\u003e0ac3edd\u003c/code\u003e\u003c/a\u003e fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianc/node-postgres/commit/be880d45552269f0b847a3e568014bde6536eae3\"\u003e\u003ccode\u003ebe880d4\u003c/code\u003e\u003c/a\u003e Assorted test fixes and cleanup (\u003ca href=\"https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter` from 0.21.1 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/releases\"\u003etree-sitter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.22.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/compare/v0.22.3...v0.22.4\"\u003ehttps://github.com/tree-sitter/node-tree-sitter/compare/v0.22.3...v0.22.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/3343ab8cf99540caf792eb69a29c243defffa983\"\u003e\u003ccode\u003e3343ab8\u003c/code\u003e\u003c/a\u003e 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/6d718f90e901e5a4120368ad7e1fa09ded76ce53\"\u003e\u003ccode\u003e6d718f9\u003c/code\u003e\u003c/a\u003e Bump core lib to 0.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/8ff5c15c1fb521a42b192f0139ed8e7b5bc67ed9\"\u003e\u003ccode\u003e8ff5c15\u003c/code\u003e\u003c/a\u003e chore: update \u003ccode\u003eFUNDING.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/558bfd4c509332ff1e749dbbe76fd65501342bf0\"\u003e\u003ccode\u003e558bfd4\u003c/code\u003e\u003c/a\u003e chore: add \u003ccode\u003eFUNDING.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/483e1853edd4e3e228dd0b0b3196d7cb85a4b093\"\u003e\u003ccode\u003e483e185\u003c/code\u003e\u003c/a\u003e 0.22.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/733a096d6a3bf5750f3f80414f1742289d99fa6c\"\u003e\u003ccode\u003e733a096\u003c/code\u003e\u003c/a\u003e ci(publish): ensure filenames are unique\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/fe9facc48f27ac0f567409e9bce62fe92d3c184e\"\u003e\u003ccode\u003efe9facc\u003c/code\u003e\u003c/a\u003e 0.22.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/8fdbb4cf91aa456ca96d82cad8d56d86e86b559d\"\u003e\u003ccode\u003e8fdbb4c\u003c/code\u003e\u003c/a\u003e ci(publish): correct gh release step\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/424fb657c6db5776008a545ff9b0e0db7714d3a3\"\u003e\u003ccode\u003e424fb65\u003c/code\u003e\u003c/a\u003e docs(readme): fix docs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/commit/e1c57810b91efc6caa6feab1fef62a16c011ee99\"\u003e\u003ccode\u003ee1c5781\u003c/code\u003e\u003c/a\u003e 0.22.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tree-sitter/node-tree-sitter/compare/v0.21.1...v0.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter-go` from 0.21.2 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/releases\"\u003etree-sitter-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.gz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-go.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/1547678a9da59885853f5f5cc8a99cc203fa2e2c\"\u003e\u003ccode\u003e1547678\u003c/code\u003e\u003c/a\u003e 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/3f912e94d24fe884d3cfbacf47dd764bdf7aa67f\"\u003e\u003ccode\u003e3f912e9\u003c/code\u003e\u003c/a\u003e chore: generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/179ca03b3ac7da8ed7466fc4a8b6b445c3c968da\"\u003e\u003ccode\u003e179ca03\u003c/code\u003e\u003c/a\u003e feat: expose statement list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/e25214e92f1e997940a3bd2f3ced2a2ddf7f027f\"\u003e\u003ccode\u003ee25214e\u003c/code\u003e\u003c/a\u003e fix: allow the terminator to be omitted for the last element\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/edea6bf2824e0426277562da521aa07afc814af8\"\u003e\u003ccode\u003eedea6bf\u003c/code\u003e\u003c/a\u003e fix: give index expressions a dynamic precedence of 1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/e1076e566acfa8c1d268f64b3bad27b6d42c52d0\"\u003e\u003ccode\u003ee1076e5\u003c/code\u003e\u003c/a\u003e feat: support generic type aliases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/00a299e703431dfa07680f4e55e260bfc9a4c875\"\u003e\u003ccode\u003e00a299e\u003c/code\u003e\u003c/a\u003e ci: update test failures, use macos-15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/93c2bb6ff269013aea1c5f7f0957881197a9adac\"\u003e\u003ccode\u003e93c2bb6\u003c/code\u003e\u003c/a\u003e build: update bindings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/1496eb74bfd2c5e7c26d6fc711d5135741e5a1fa\"\u003e\u003ccode\u003e1496eb7\u003c/code\u003e\u003c/a\u003e feat: use the new reserved rules api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/commit/c350fa54d38af725c40d061a602ee3205ef1e072\"\u003e\u003ccode\u003ec350fa5\u003c/code\u003e\u003c/a\u003e ci: bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tree-sitter/tree-sitter-go/compare/v0.21.2...v0.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter-java` from 0.21.0 to 0.23.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/releases\"\u003etree-sitter-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.23.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-java.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-java.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-java.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/94703d5a6bed02b98e438d7cad1136c01a60ba2c\"\u003e\u003ccode\u003e94703d5\u003c/code\u003e\u003c/a\u003e 0.23.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/de816732671830873ee52a91998a0febb603e012\"\u003e\u003ccode\u003ede81673\u003c/code\u003e\u003c/a\u003e chore: generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/488557612b44bde9c5e8c3011138992a8e500c90\"\u003e\u003ccode\u003e4885576\u003c/code\u003e\u003c/a\u003e feat: allow reserved identifiers in \u003ccode\u003eelement_value_pair\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/24a58d8aab267e082fcead83c8c54056dd340060\"\u003e\u003ccode\u003e24a58d8\u003c/code\u003e\u003c/a\u003e fix: correct floating point literal parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/33a3868b15007ffd33aa66ab3f46da879db49a12\"\u003e\u003ccode\u003e33a3868\u003c/code\u003e\u003c/a\u003e fix: allow annotations after the \u003ccode\u003eellipsis\u003c/code\u003e in a spread parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/e75fda28779a11d4da5a878c795de8e520e7c9c2\"\u003e\u003ccode\u003ee75fda2\u003c/code\u003e\u003c/a\u003e fix: give \u003ccode\u003eyield\u003c/code\u003e in \u003ccode\u003e_reserved_identifier\u003c/code\u003e a precedence of 0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/04a649d1a0c40e53f946677463d7d8c4e8d6d0db\"\u003e\u003ccode\u003e04a649d\u003c/code\u003e\u003c/a\u003e feat(highlights): add more keywords\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/a1bbe92a6370bb4c15386735fbda12f2b812a923\"\u003e\u003ccode\u003ea1bbe92\u003c/code\u003e\u003c/a\u003e 0.23.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/875834dc197380a1d6a02423a7dbfce566c112d8\"\u003e\u003ccode\u003e875834d\u003c/code\u003e\u003c/a\u003e ci(publish): add attestations and generate parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/commit/68dd78169aa15424d1b595d203beb14c0c6fd65b\"\u003e\u003ccode\u003e68dd781\u003c/code\u003e\u003c/a\u003e ci: bump tree-sitter/setup-action from 1 to 2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tree-sitter/tree-sitter-java/compare/v0.21.0...v0.23.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tree-sitter-javascript` from 0.21.4 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/releases\"\u003etree-sitter-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-javascript.tar.gz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003ch2\u003ev0.23.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e Download \u003ccode\u003etree-sitter-javascript.tar.xz\u003c/code\u003e for the \u003cem\u003ecomplete\u003c/em\u003e source code.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/44c892e0be055ac465d5eeddae6d3e194424e7de\"\u003e\u003ccode\u003e44c892e\u003c/code\u003e\u003c/a\u003e 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/5f100b023ecbae8cfe304bfe661a4116d457ee63\"\u003e\u003ccode\u003e5f100b0\u003c/code\u003e\u003c/a\u003e docs: clarify targeted ECMAScript version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/2409583e3710cb9eaa3e7556ab2d4e4c6b37885b\"\u003e\u003ccode\u003e2409583\u003c/code\u003e\u003c/a\u003e chore: generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tree-sitter/tree-sitter-javascript/commit/39798e26b6d4dbcee8e522b8db83f8b2df33a5ea\"\u003e\u003ccode\u003e39798e2\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eawait\u003c/code\u003e to reserved ident...\n\n_Description has been truncated_","html_url":"https://github.com/MUST-Company-AX-Booster/coderover/pull/105","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MUST-Company-AX-Booster%2Fcoderover/issues/105","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/105/packages"}},{"old_version":"18.1.2","new_version":"18.2.1","update_type":"minor","path":null,"pr_created_at":"2026-06-14T23:37:38.000Z","version_change":"18.1.2 → 18.2.1","issue":{"uuid":"4661023227","node_id":"PR_kwDOS6xlaM7mVA_I","number":7,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T23:37:38.000Z","updated_at":"2026-06-14T23:41:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":5,"packages":[{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"ws","old_version":"8.20.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"protobufjs","old_version":"7.5.6","new_version":"7.6.4","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the /ui-tui/packages/hermes-ink directory: [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 3 updates in the /scripts/whatsapp-bridge directory: [qs](https://github.com/ljharb/qs), [ws](https://github.com/websockets/ws) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 2 updates in the / directory: [joi](https://github.com/hapijs/joi) and [esbuild](https://github.com/evanw/esbuild).\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.20.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/websockets/ws/compare/8.20.0...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.6 to 7.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.4/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f8f64efbfc5b52997beb7549e7ea722704320cb1\"\u003e\u003ccode\u003ef8f64ef\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2330\"\u003e#2330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e\u003ccode\u003e574f761\u003c/code\u003e\u003c/a\u003e fix: Reconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e\u003ccode\u003e06ddd07\u003c/code\u003e\u003c/a\u003e fix: Remove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1d3796d7d29830c73eec792ccbe769be6aa020ac\"\u003e\u003ccode\u003e1d3796d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2317\"\u003e#2317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003e\u003ccode\u003edf91652\u003c/code\u003e\u003c/a\u003e fix: Preserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e\u003ccode\u003e78a9576\u003c/code\u003e\u003c/a\u003e fix: Avoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ec90ef9ccc30fffe6ea9ea37e45781071898229d\"\u003e\u003ccode\u003eec90ef9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2295\"\u003e#2295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003e\u003ccode\u003ea92f72e\u003c/code\u003e\u003c/a\u003e fix: Backport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d\"\u003e\u003ccode\u003ef0b50d2\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2268\"\u003e#2268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e\u003ccode\u003e8a45c13\u003c/code\u003e\u003c/a\u003e fix: Backport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xegheplimo-web/hermes-agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/xegheplimo-web/hermes-agent/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/xegheplimo-web%2Fhermes-agent/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":"/website","pr_created_at":"2026-06-13T04:32:05.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654358587","node_id":"PR_kwDOSSu8zc7mA-AI","number":20,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4 in /website","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T04:32:05.000Z","updated_at":"2026-06-13T04:34:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":"/website","ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/WEeziel172/fjorm/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/WEeziel172/fjorm/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/WEeziel172%2Ffjorm/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T04:05:14.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654286353","node_id":"PR_kwDOPMRea87mAwK5","number":43,"state":"closed","title":"Bump the npm_and_yarn group across 2 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-14T05:10:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T04:05:14.000Z","updated_at":"2026-06-14T05:10:27.000Z","time_to_close":90311,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":15,"packages":[{"name":"svelte","old_version":"5.28.2","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"vitest","old_version":"3.2.4","new_version":"3.2.6","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"ws","old_version":"8.18.1","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"next","old_version":"15.3.1","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.9","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"axios","old_version":"1.9.0","new_version":"1.17.0","repository_url":"https://github.com/axios/axios"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"js-cookie","old_version":"3.0.5","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"shell-quote","old_version":"1.8.2","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 13 updates in the /code directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.28.2` | `5.55.7` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `3.2.6` |\n| [ws](https://github.com/websockets/ws) | `8.18.1` | `8.20.1` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [next](https://github.com/vercel/next.js) | `15.3.1` | `15.5.18` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.6` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.17.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.8` |\n| [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.2` | `1.8.4` |\n\nBumps the npm_and_yarn group with 7 updates in the /scripts directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `3.2.6` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.17.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.25.0` | `3.36.0` |\n\n\nUpdates `svelte` from 5.28.2 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 3.2.4 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePin last supported vite-node version  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d05\"\u003e\u003c!-- raw HTML omitted --\u003e(16f12)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.5...v3.2.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10445\"\u003evitest-dev/vitest#10445\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d\"\u003e\u003c!-- raw HTML omitted --\u003e(af88b)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10456\"\u003evitest-dev/vitest#10456\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd\"\u003e\u003c!-- raw HTML omitted --\u003e(385a1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.4...v3.2.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/b6d56f8171ae814ee7571df63a35a0da5203dbaa\"\u003e\u003ccode\u003eb6d56f8\u003c/code\u003e\u003c/a\u003e chore: release v3.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d0585677f6a32bcb3dd01fa61c140e2588\"\u003e\u003ccode\u003e16f120d\u003c/code\u003e\u003c/a\u003e fix: pin last supported vite-node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/2cbad0a923c48c6144266df3cd25f93547cb5221\"\u003e\u003ccode\u003e2cbad0a\u003c/code\u003e\u003c/a\u003e chore: release v3.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd4c2bfa5e7d58bf7c6834c929969f2c7\"\u003e\u003ccode\u003e385a1ae\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d82844a4761ea9a977156c98e2b14ca8\"\u003e\u003ccode\u003eaf88b1f\u003c/code\u003e\u003c/a\u003e feat(api): add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.1 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.1...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.3 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.3.1 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.3.1...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.3 to 0.2.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.9.0 to 1.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.17.0 — June 1, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfig Hardening:\u003c/strong\u003e Guarded \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003eparams\u003c/code\u003e, and \u003ccode\u003eparamsSerializer\u003c/code\u003e reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease Publishing:\u003c/strong\u003e Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10926\"\u003e#10926\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Compression:\u003c/strong\u003e Added Node HTTP adapter support for zstd response decompression, with \u003ccode\u003etransitional.advertiseZstdAcceptEncoding\u003c/code\u003e controlling whether \u003ccode\u003ezstd\u003c/code\u003e is advertised in \u003ccode\u003eAccept-Encoding\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10920\"\u003e#10920\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAuthentication Handling:\u003c/strong\u003e Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy TLS:\u003c/strong\u003e Preserved user \u003ccode\u003ehttpsAgent\u003c/code\u003e TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10957\"\u003e#10957\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native FormData:\u003c/strong\u003e Cleared default \u003ccode\u003eContent-Type\u003c/code\u003e for React Native \u003ccode\u003eFormData\u003c/code\u003e so multipart boundaries can be generated correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10898\"\u003e#10898\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10875\"\u003e#10875\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Data Merging:\u003c/strong\u003e Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBundler Compatibility:\u003c/strong\u003e Converted \u003ccode\u003eresolveConfig\u003c/code\u003e from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Corrected \u003ccode\u003eAxiosHeaders.toJSON()\u003c/code\u003e return types and updated CommonJS \u003ccode\u003eisCancel\u003c/code\u003e typings to narrow to \u003ccode\u003eCanceledError\u0026lt;T\u0026gt;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10956\"\u003e#10956\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10952\"\u003e#10952\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBuild Tooling:\u003c/strong\u003e Avoided emitting a null \u003ccode\u003eAuthorization\u003c/code\u003e header from the GitHub build helper when \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e is unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 Internals:\u003c/strong\u003e Extracted \u003ccode\u003eHttp2Sessions\u003c/code\u003e into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePackage Publishing:\u003c/strong\u003e Reduced published package size by switching to a \u003ccode\u003efiles\u003c/code\u003e allowlist and dropping unneeded unminified bundle source maps. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI and Release Automation:\u003c/strong\u003e Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10907\"\u003e#10907\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10911\"\u003e#10911\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10916\"\u003e#10916\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10927\"\u003e#10927\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10935\"\u003e#10935\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10983\"\u003e#10983\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeveloper Workflow:\u003c/strong\u003e Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10925\"\u003e#10925\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10914\"\u003e#10914\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10958\"\u003e#10958\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation and Policy:\u003c/strong\u003e Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10890\"\u003e#10890\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10889\"\u003e#10889\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10921\"\u003e#10921\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10945\"\u003e#10945\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10933\"\u003e#10933\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10915\"\u003e#10915\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10887\"\u003e#10887\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10955\"\u003e#10955\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, \u003ccode\u003efs-extra\u003c/code\u003e, \u003ccode\u003eqs\u003c/code\u003e, docs dependencies, and GitHub Actions dependencies including \u003ccode\u003eactions/dependency-review-action\u003c/code\u003e and \u003ccode\u003ezizmorcore/zizmor-action\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10871\"\u003e#10871\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10879\"\u003e#10879\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10918\"\u003e#10918\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10919\"\u003e#10919\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10934\"\u003e#10934\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10947\"\u003e#10947\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10954\"\u003e#10954\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10960\"\u003e#10960\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/BasixKOR\"\u003e\u003ccode\u003e@​BasixKOR\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/carladams1299-lab\"\u003e\u003ccode\u003e@​carladams1299-lab\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/LaplaceYoung\"\u003e\u003ccode\u003e@​LaplaceYoung\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/JamieMagee\"\u003e\u003ccode\u003e@​JamieMagee\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/RonGamzu\"\u003e\u003ccode\u003e@​RonGamzu\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sapirbaruch\"\u003e\u003ccode\u003e@​sapirbaruch\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nezukoagent\"\u003e\u003ccode\u003e@​nezukoagent\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Mohammad-Faiz-Cloud-Engineer\"\u003e\u003ccode\u003e@​Mohammad-Faiz-Cloud-Engineer\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/azandabot\"\u003e\u003ccode\u003e@​azandabot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/niksy\"\u003e\u003ccode\u003e@​niksy\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.1...v1.17.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.17.0 — June 1, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfig Hardening:\u003c/strong\u003e Guarded \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003eparams\u003c/code\u003e, and \u003ccode\u003eparamsSerializer\u003c/code\u003e reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease Publishing:\u003c/strong\u003e Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10926\"\u003e#10926\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Compression:\u003c/strong\u003e Added Node HTTP adapter support for zstd response decompression, with \u003ccode\u003etransitional.advertiseZstdAcceptEncoding\u003c/code\u003e controlling whether \u003ccode\u003ezstd\u003c/code\u003e is advertised in \u003ccode\u003eAccept-Encoding\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10920\"\u003e#10920\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAuthentication Handling:\u003c/strong\u003e Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy TLS:\u003c/strong\u003e Preserved user \u003ccode\u003ehttpsAgent\u003c/code\u003e TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10957\"\u003e#10957\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native FormData:\u003c/strong\u003e Cleared default \u003ccode\u003eContent-Type\u003c/code\u003e for React Native \u003ccode\u003eFormData\u003c/code\u003e so multipart boundaries can be generated correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10898\"\u003e#10898\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10875\"\u003e#10875\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Data Merging:\u003c/strong\u003e Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBundler Compatibility:\u003c/strong\u003e Converted \u003ccode\u003eresolveConfig\u003c/code\u003e from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Corrected \u003ccode\u003eAxiosHeaders.toJSON()\u003c/code\u003e return types and updated CommonJS \u003ccode\u003eisCancel\u003c/code\u003e typings to narrow to \u003ccode\u003eCanceledError\u0026lt;T\u0026gt;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10956\"\u003e#10956\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10952\"\u003e#10952\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBuild Tooling:\u003c/strong\u003e Avoided emitting a null \u003ccode\u003eAuthorization\u003c/code\u003e header from the GitHub build helper when \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e is unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 Internals:\u003c/strong\u003e Extracted \u003ccode\u003eHttp2Sessions\u003c/code\u003e into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePackage Publishing:\u003c/strong\u003e Reduced published package size by switching to a \u003ccode\u003efiles\u003c/code\u003e allowlist and dropping unneeded unminified bundle source maps. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI and Release Automation:\u003c/strong\u003e Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10907\"\u003e#10907\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10911\"\u003e#10911\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10916\"\u003e#10916\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10927\"\u003e#10927\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10935\"\u003e#10935\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10983\"\u003e#10983\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeveloper Workflow:\u003c/strong\u003e Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10925\"\u003e#10925\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10914\"\u003e#10914\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10958\"\u003e#10958\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation and Policy:\u003c/strong\u003e Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10890\"\u003e#10890\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10889\"\u003e#10889\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10921\"\u003e#10921\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10945\"\u003e#10945\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10933\"\u003e#10933\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10915\"\u003e#10915\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10887\"\u003e#10887\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10955\"\u003e#10955\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, \u003ccode\u003efs-extra\u003c/code\u003e, \u003ccode\u003eqs\u003c/code\u003e, docs dependencies, and GitHub Actions dependencies including \u003ccode\u003eactions/dependency-review-action\u003c/code\u003e and \u003ccode\u003ezizmorcore/zizmor-action\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10871\"\u003e#10871\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10879\"\u003e#10879\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10918\"\u003e#10918\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10919\"\u003e#10919\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10934\"\u003e#10934\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10947\"\u003e#10947\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10954\"\u003e#10954\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10960\"\u003e#10960\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/BasixKOR\"\u003e\u003ccode\u003e@​BasixKOR\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6792\"\u003e#6792\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/carladams1299-lab\"\u003e\u003ccode\u003e@​carladams1299-lab\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10861\"\u003e#10861\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/LaplaceYoung\"\u003e\u003ccode\u003e@​LaplaceYoung\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10812\"\u003e#10812\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/JamieMagee\"\u003e\u003ccode\u003e@​JamieMagee\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10939\"\u003e#10939\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/RonGamzu\"\u003e\u003ccode\u003e@​RonGamzu\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10905\"\u003e#10905\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sapirbaruch\"\u003e\u003ccode\u003e@​sapirbaruch\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10891\"\u003e#10891\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nezukoagent\"\u003e\u003ccode\u003e@​nezukoagent\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10901\"\u003e#10901\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/devareddy05\"\u003e\u003ccode\u003e@​devareddy05\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10929\"\u003e#10929\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Mohammad-Faiz-Cloud-Engineer\"\u003e\u003ccode\u003e@​Mohammad-Faiz-Cloud-Engineer\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10922\"\u003e#10922\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/azandabot\"\u003e\u003ccode\u003e@​azandabot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/niksy\"\u003e\u003ccode\u003e@​niksy\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.1...v1.17.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4306df21e84332fc576e98c2de549347c06bfb76\"\u003e\u003ccode\u003e4306df2\u003c/code\u003e\u003c/a\u003e chore: add fun 88 sponsorship\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/931cc8f0106db4c9885403f85364b9e09ae1f6dc\"\u003e\u003ccode\u003e931cc8f\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.17.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10983\"\u003e#10983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/38ba1b3d2b0aa5ada0463a37a548feb83a84dfa1\"\u003e\u003ccode\u003e38ba1b3\u003c/code\u003e\u003c/a\u003e fix(fetch): support basic auth from URL (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10896\"\u003e#10896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/32e2515f1e09b649723e4acd89d920df13eee77e\"\u003e\u003ccode\u003e32e2515\u003c/code\u003e\u003c/a\u003e fix: replace ternary side effect in script (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10931\"\u003e#10931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/030e7223831b0f562af3eb7501b24242c8a4c5ba\"\u003e\u003ccode\u003e030e722\u003c/code\u003e\u003c/a\u003e chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10960\"\u003e#10960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ec63164ac6b7a1fcd6b742a8628d3fffe23ce001\"\u003e\u003ccode\u003eec63164\u003c/code\u003e\u003c/a\u003e chore: remove openspec (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10958\"\u003e#10958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3dec28f94ce29d396d5f2d9718805b47428dc7ab\"\u003e\u003ccode\u003e3dec28f\u003c/code\u003e\u003c/a\u003e fix(http): preserve TLS options for proxy tunnels (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10957\"\u003e#10957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a2390a5c059342bcac2a5297728181dd9939f562\"\u003e\u003ccode\u003ea2390a5\u003c/code\u003e\u003c/a\u003e fix: correct isCancel type to narrow to CanceledError\u0026lt;T\u0026gt; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10952\"\u003e#10952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fa01b9255d71e72599826428bc6c60f34994c6ce\"\u003e\u003ccode\u003efa01b92\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10954\"\u003e#10954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2d2314a1ac29ce6723eb53e130b4a36617fd201c\"\u003e\u003ccode\u003e2d2314a\u003c/code\u003e\u003c/a\u003e fix: AxiosHeaders \u003ccode\u003etoJSON()\u003c/code\u003e return types (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10956\"\u003e#10956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.9.0...v1.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your cu...\n\n_Description has been truncated_","html_url":"https://github.com/XavierMP14/storybook/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/XavierMP14%2Fstorybook/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T04:04:12.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654283184","node_id":"PR_kwDOOmh4pc7mAvnF","number":59,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T04:04:12.000Z","updated_at":"2026-06-13T04:04:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dustin4444/ecosystem/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/Dustin4444/ecosystem/59)\n\u003c!-- Reviewable:end --\u003e\n","html_url":"https://github.com/Dustin4444/ecosystem/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dustin4444%2Fecosystem/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T03:58:41.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654265962","node_id":"PR_kwDOPtV_vM7mAsGw","number":3053,"state":"closed","title":"build(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-13T05:44:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T03:58:41.000Z","updated_at":"2026-06-13T05:44:58.000Z","time_to_close":6368,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-mercato/open-mercato/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/open-mercato/open-mercato/pull/3053","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-mercato%2Fopen-mercato/issues/3053","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3053/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T03:53:57.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654251340","node_id":"PR_kwDOQOf95c7mApFg","number":28,"state":"open","title":"Bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T03:53:57.000Z","updated_at":"2026-06-13T03:54:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alialobidm/account-kit-expo-quickstart/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alialobidm/account-kit-expo-quickstart/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alialobidm%2Faccount-kit-expo-quickstart/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T03:13:23.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654116703","node_id":"PR_kwDOKJkRzc7mANf2","number":208,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-13T06:23:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T03:13:23.000Z","updated_at":"2026-06-13T06:23:32.000Z","time_to_close":11400,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":4,"packages":[{"name":"turbo","old_version":"1.13.4","new_version":"2.9.14","repository_url":"https://github.com/vercel/turborepo"},{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"vm2","old_version":"3.11.3","new_version":"3.11.5","repository_url":"https://github.com/patriksimek/vm2"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the / directory: [turbo](https://github.com/vercel/turborepo), [joi](https://github.com/hapijs/joi), [shell-quote](https://github.com/ljharb/shell-quote) and [vm2](https://github.com/patriksimek/vm2).\n\nUpdates `turbo` from 1.13.4 to 2.9.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/releases\"\u003eturbo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTurborepo v2.9.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains important security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eHigh:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm\"\u003eGHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLow:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r\"\u003eGHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726\"\u003eGHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Release 2.9.13 by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12803\"\u003evercel/turborepo#12803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\"\u003ehttps://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eTurborepo v2.9.13-canary.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.11-canary.7 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12768\"\u003evercel/turborepo#12768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow \u003ccode\u003e$TURBO_EXTENDS$\u003c/code\u003e in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12770\"\u003evercel/turborepo#12770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.11 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12771\"\u003evercel/turborepo#12771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow transit nodes in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12773\"\u003evercel/turborepo#12773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/blob/main/RELEASE.md\"\u003eturbo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Documentation\u003c/h1\u003e\n\u003ch2\u003eQuick Start\u003c/h2\u003e\n\u003ch3\u003eAutomated Canary Releases\u003c/h3\u003e\n\u003cp\u003eCanary releases run on an hourly schedule via the [Release workflow][1]:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eRuns every hour via cron, skipping if no relevant files (\u003ccode\u003ecrates/\u003c/code\u003e, \u003ccode\u003epackages/\u003c/code\u003e, \u003ccode\u003ecli/\u003c/code\u003e) changed since the last canary tag\u003c/li\u003e\n\u003cli\u003eSkips if the latest commit is a release PR merge (to avoid releasing the version bump itself)\u003c/li\u003e\n\u003cli\u003ePublishes to npm with the \u003ccode\u003ecanary\u003c/code\u003e tag\u003c/li\u003e\n\u003cli\u003eOpens a PR with auto-merge enabled to merge the version bump back to \u003ccode\u003emain\u003c/code\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eNo manual intervention required for canary releases.\u003c/p\u003e\n\u003ch3\u003eManual Releases (Stable/Custom)\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eCreate a release by triggering the [Turborepo Release][1] workflow\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFor stable releases, use \u003ccode\u003epatch\u003c/code\u003e, \u003ccode\u003eminor\u003c/code\u003e, or \u003ccode\u003emajor\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFor custom pre-releases, use \u003ccode\u003eprepatch\u003c/code\u003e, \u003ccode\u003epreminor\u003c/code\u003e, or \u003ccode\u003epremajor\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCheck the \u0026quot;Dry Run\u0026quot; box to test the workflow without publishing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA PR is automatically opened to merge the release branch back into \u003ccode\u003emain\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMerge this promptly to avoid conflicts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3\u003eRelease \u003ccode\u003e@turbo/repository\u003c/code\u003e\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eRun [\u003ccode\u003ebump-version.sh\u003c/code\u003e][4] to update the versions of the packages. Merge in the changes to \u003ccode\u003emain\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCreate a release by triggering the [Turborepo Library Release][5] workflow.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCheck the \u0026quot;Dry Run\u0026quot; box to run the full release workflow without publishing any packages.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3\u003eNotes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Release Notes are published automatically using the config from [\u003ccode\u003eturborepo-release.yml\u003c/code\u003e][2],\ntriggered by the [\u003ccode\u003eturbo-orchestrator\u003c/code\u003e][3] bot.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eTurborepo CLI Release Process - In-Depth Guide\u003c/h2\u003e\n\u003cp\u003eThis section provides comprehensive documentation on how the Turborepo CLI is released, including the architecture, workflows, and detailed step-by-step processes.\u003c/p\u003e\n\u003ch3\u003eTable of Contents\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#architecture-overview\"\u003eArchitecture Overview\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#automated-canary-releases\"\u003eAutomated Canary Releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#version-management\"\u003eVersion Management\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#release-workflow-stages\"\u003eRelease Workflow Stages\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/blob/main/#packages-released\"\u003ePackages Released\u003c/a\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fc62fe0d9c347d1d24f0ed8946284856593ddb93\"\u003e\u003ccode\u003efc62fe0\u003c/code\u003e\u003c/a\u003e publish 2.9.14 to registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fb8c9aec0f9e83f95783659a5ce9c4478cf62cb9\"\u003e\u003ccode\u003efb8c9ae\u003c/code\u003e\u003c/a\u003e chore: Release 2.9.13 (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12803\"\u003e#12803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/e8e629da4e1fb75231089e91b19be9d327a3e649\"\u003e\u003ccode\u003ee8e629d\u003c/code\u003e\u003c/a\u003e fix: Avoid project-local Yarn during detection (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12801\"\u003e#12801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/91c90cbf12f524c5c29b713d6472dd5fcdecb309\"\u003e\u003ccode\u003e91c90cb\u003c/code\u003e\u003c/a\u003e fix: Harden VS Code extension command execution (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12800\"\u003e#12800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/84f450894e87da1eed864d51f6f637f26980d560\"\u003e\u003ccode\u003e84f4508\u003c/code\u003e\u003c/a\u003e fix: Validate auth callback state (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12802\"\u003e#12802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/1779ad7901384f106236a6e196059e4929745514\"\u003e\u003ccode\u003e1779ad7\u003c/code\u003e\u003c/a\u003e Removed unneeded import form hash creation script in docs (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12799\"\u003e#12799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/71f8c90a807ffb9b9876ea8a04f523f473bf5c8d\"\u003e\u003ccode\u003e71f8c90\u003c/code\u003e\u003c/a\u003e test: Validate lockfiles without dependency downloads (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12789\"\u003e#12789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/5fcb96024d503127bb0ed760ebe159b7716c52b3\"\u003e\u003ccode\u003e5fcb960\u003c/code\u003e\u003c/a\u003e ci: Scope GitHub Actions caches by branch (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12788\"\u003e#12788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/4cf9fabc9a6f6c99fe4e2f2da9f35be631be062a\"\u003e\u003ccode\u003e4cf9fab\u003c/code\u003e\u003c/a\u003e ci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12787\"\u003e#12787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/859c629bc401f239ac7980a132746ca90478e17c\"\u003e\u003ccode\u003e859c629\u003c/code\u003e\u003c/a\u003e fix: Restore docs mobile menu (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12782\"\u003e#12782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/turborepo/compare/v1.13.4...v2.9.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for turbo since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 17.13.3 to 17.13.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vm2` from 3.11.3 to 3.11.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/releases\"\u003evm2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.11.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — Restore \u003ccode\u003eutil.inspect\u003c/code\u003e output on Node 26+. \u003ccode\u003econsole.log(vm.run(...))\u003c/code\u003e was rendering as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e / \u003ccode\u003eProxy(Proxy([]))\u003c/code\u003e instead of the underlying value. Triggered by Node 26's stricter handling of nested proxies in the inspector.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Restore array iteration on \u003ccode\u003evm.freeze()\u003c/code\u003e'd host arrays. Calling \u003ccode\u003e.map()\u003c/code\u003e / \u003ccode\u003e.filter()\u003c/code\u003e / \u003ccode\u003e.forEach()\u003c/code\u003e etc. inside the sandbox on a frozen host object containing arrays threw\n\u003ccode\u003eTypeError: 'isExtensible' on proxy: trap result does not reflect extensibility of proxy target\u003c/code\u003e. Regression from the 3.11.0 proxy-invariant hardening.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/pull/568\"\u003e#568\u003c/a\u003e\u003c/strong\u003e — Fix \u003ccode\u003e.node\u003c/code\u003e extension handler key in \u003ccode\u003elib/resolver.js\u003c/code\u003e (the key was \u003ccode\u003e' .node'\u003c/code\u003e with a leading space, so native addon resolution silently fell through to the default path). Thanks to \u003ca href=\"https://github.com/cherr-cc\"\u003e\u003ccode\u003e@​cherr-cc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cp\u003eDrop-in replacement for 3.11.4. No API or configuration changes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.4\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — Bridge \u003ccode\u003eset\u003c/code\u003e trap ignoring ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e, letting \u003ccode\u003eObject.create(hostObj)\u003c/code\u003e children and \u003ccode\u003eReflect.set(hostObj, k, v, custom)\u003c/code\u003e writes leak onto the host object (write-channel → RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — Cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e namespace leak + missing dangerous-symbol guards on the bridge's write traps (\u003ccode\u003eset\u003c/code\u003e / \u003ccode\u003edefineProperty\u003c/code\u003e / \u003ccode\u003edeleteProperty\u003c/code\u003e), enabling sandbox-installed \u003ccode\u003enodejs.util.promisify.custom\u003c/code\u003e / stream brand / webstream hooks on host objects (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — Host prototype mutation via \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection through \u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e setter, severing host intrinsic prototype chains and escaping via \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e violation in \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file): sandbox-installed \u003ccode\u003eArray.prototype[N]\u003c/code\u003e setter / \u003ccode\u003eArray.prototype.join\u003c/code\u003e override could observe bridge-internal stack-trace state.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in \u003ccode\u003elocalPromise\u003c/code\u003e's swallow-tail, hijacking the downstream child constructor to capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability and reach a raw host-realm error → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: any truthy \u003ccode\u003enesting\u003c/code\u003e paired with a non-real-config \u003ccode\u003erequire\u003c/code\u003e produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — WebAssembly JSPI (\u003ccode\u003eWebAssembly.promising\u003c/code\u003e / \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e, Node 24+ behind a flag, Node 26+ default) producing Promise objects with a host-realm \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain and no bridge interposition; species hijack delivers a raw host-realm rejection to sandbox \u003ccode\u003e.catch\u003c/code\u003e → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of allow/deny config) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Supersedes GHSA-947f-4v7f-x2v8.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposing Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, \u003ccode\u003e_tls_*\u003c/code\u003e, \u003ccode\u003e_stream_*\u003c/code\u003e) even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfacing four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state of the entire host process rather than sandbox-local state — HTTP header / async-context / perf-mark / heap-snapshot exfiltration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/blob/main/docs/ATTACKS.md\"\u003e\u003ccode\u003edocs/ATTACKS.md\u003c/code\u003e\u003c/a\u003e extended through Category 35, plus two new Defense Invariants: \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e\u003c/strong\u003e (\u0026quot;No sandbox-visible object has a host-realm prototype chain without bridge interposition\u0026quot;) and \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e\u003c/strong\u003e (\u0026quot;The NodeVM builtin allowlist is a closed system\u0026quot;).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e. Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo other valid configurations are affected.\u003c/strong\u003e Embedders who explicitly listed any of \u003ccode\u003eprocess\u003c/code\u003e / \u003ccode\u003einspector\u003c/code\u003e / \u003ccode\u003eworker_threads\u003c/code\u003e / \u003ccode\u003ecluster\u003c/code\u003e / \u003ccode\u003evm\u003c/code\u003e / \u003ccode\u003erepl\u003c/code\u003e / \u003ccode\u003emodule\u003c/code\u003e / \u003ccode\u003etrace_events\u003c/code\u003e / \u003ccode\u003ewasi\u003c/code\u003e / \u003ccode\u003ediagnostics_channel\u003c/code\u003e / \u003ccode\u003easync_hooks\u003c/code\u003e / \u003ccode\u003eperf_hooks\u003c/code\u003e / \u003ccode\u003ev8\u003c/code\u003e in \u003ccode\u003ebuiltin\u003c/code\u003e were already running an unsandboxed sandbox; those names now throw at load time and can be re-introduced as safe wrappers via \u003ccode\u003emock\u003c/code\u003e / \u003ccode\u003eoverride\u003c/code\u003e / \u003ccode\u003eSPECIAL_MODULES\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/blob/main/CHANGELOG.md\"\u003evm2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.11.5]\u003c/h2\u003e\n\u003cp\u003ePatch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — \u003ccode\u003eutil.inspect\u003c/code\u003e of \u003ccode\u003evm.run(...)\u003c/code\u003e results rendered as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e on Node 26+. Install \u003ccode\u003enodejs.util.inspect.custom\u003c/code\u003e on host-side proxy targets so the inspect output reflects the underlying shape.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Array iteration methods on a \u003ccode\u003evm.freeze()\u003c/code\u003e-d host array threw an \u003ccode\u003e'isExtensible' on proxy\u003c/code\u003e invariant error (regression from the GHSA-grj5-jjm8-h35p species defense). Align the ReadOnly proxy target's extensibility with its trap result and skip species neutralization on the host→sandbox apply path.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.4]\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — bridge escape via \u003ccode\u003eBaseHandler.set\u003c/code\u003e ignoring the ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e argument; \u003ccode\u003eObject.create(hostProxy).x = v\u003c/code\u003e and \u003ccode\u003eReflect.set(hostProxy, k, v, sandboxObj)\u003c/code\u003e wrote through to the host object instead of installing on the receiver, turning every embedder-exposed host object into a sandbox write channel. Receiver-gated install-on-receiver fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e mirroring \u003ccode\u003eReadOnlyHandler.set\u003c/code\u003e. See ATTACKS.md Category 32 and \u003ccode\u003etest/ghsa/GHSA-c4cf-2hgv-2qv6/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — sandbox escape via unblocked cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e keys plus missing dangerous-symbol guards on the bridge's write traps. Two-layer structural fix: \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e denies the entire \u003ccode\u003enodejs.\u003c/code\u003e namespace at \u003ccode\u003eSymbol.for\u003c/code\u003e and aligns the read-side filters with the full 9-symbol cache, and \u003ccode\u003elib/bridge.js\u003c/code\u003e extends \u003ccode\u003eisDangerousCrossRealmSymbol\u003c/code\u003e and applies it to the \u003ccode\u003eset\u003c/code\u003e/\u003ccode\u003edefineProperty\u003c/code\u003e/\u003ccode\u003edeleteProperty\u003c/code\u003e traps. See ATTACKS.md Category 8 / Category 20 (both extended) and \u003ccode\u003etest/ghsa/GHSA-m5q2-4fm3-vfqp/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — host prototype mutation via apply-trap indirection. Sandbox code could reach host prototype-mutating setters (\u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e, \u003ccode\u003esetPrototypeOf\u003c/code\u003e, \u003ccode\u003edefineProperty\u003c/code\u003e, \u003ccode\u003e__defineSetter__\u003c/code\u003e/\u003ccode\u003e__defineGetter__\u003c/code\u003e) through \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection, sever a host intrinsic's prototype chain, and escape via the bridge's \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough. Two-layer structural fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e (apply-trap blocklist + cache check before proto-walk). See ATTACKS.md Category 30 and \u003ccode\u003etest/ghsa/GHSA-v6mx-mf47-r5wg/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e hardening for \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file). The sandbox stack-trace formatter accumulated frames in a sandbox-realm array and \u003ccode\u003e.join\u003c/code\u003e-ed them, so a sandbox-installed setter on \u003ccode\u003eArray.prototype[N]\u003c/code\u003e (or \u003ccode\u003e.join\u003c/code\u003e override) observed bridge-internal state — no host reference reachable today, but one enrichment away from regressing into the GHSA-9qj6 RCE shape. Fixed in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e by folding frames through a primitive string accumulator (no \u003ccode\u003eArray.prototype\u003c/code\u003e slot reachable) and converting \u003ccode\u003emakeCallSiteGetters\u003c/code\u003e to \u003ccode\u003elocalReflectDefineProperty\u003c/code\u003e for symmetry. See ATTACKS.md Category 28 Variant B and \u003ccode\u003etest/ghsa/GHSA-q3fm-4wcw-g57x/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in the \u003ccode\u003elocalPromise\u003c/code\u003e swallow tail. The swallow-tail \u003ccode\u003eapply(globalPromisePrototypeThen, this, [...])\u003c/code\u003e call inside \u003ccode\u003elocalPromise\u003c/code\u003e's constructor invoked the cached host \u003ccode\u003ePromise.prototype.then\u003c/code\u003e without first calling \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e, so a sandbox subclass overriding \u003ccode\u003e[Symbol.species]\u003c/code\u003e could redirect the downstream child constructor to a user function and capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability — delivering a raw host-realm error (RangeError from deep recursion + \u003ccode\u003ee.stack\u003c/code\u003e) to a sandbox collector and reaching the host \u003ccode\u003eFunction\u003c/code\u003e constructor via \u003ccode\u003e.constructor.constructor\u003c/code\u003e. One-line fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e adds the missing \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e before the swallow-tail call, matching the pattern already used by the \u003ccode\u003e.then\u003c/code\u003e/\u003ccode\u003e.catch\u003c/code\u003e/\u003ccode\u003eReflect.apply\u003c/code\u003e overrides. See ATTACKS.md Category 31 and \u003ccode\u003etest/ghsa/GHSA-76w7-j9cq-rx2j/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: a truthy \u003ccode\u003enesting\u003c/code\u003e paired with anything other than a real \u003ccode\u003erequire\u003c/code\u003e config object produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE. Structural fix in \u003ccode\u003elib/nodevm.js\u003c/code\u003e: destructure first, then reject at construction whenever \u003ccode\u003enesting\u003c/code\u003e is truthy and \u003ccode\u003erequireOpts\u003c/code\u003e is not a non-null object or \u003ccode\u003eResolver\u003c/code\u003e. Supersedes GHSA-8hg8-63c5-gwmx. See ATTACKS.md Category 25 and \u003ccode\u003etest/ghsa/GHSA-m4wx-m65x-ghrr/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — sandbox escape via WebAssembly JSPI (Node 24 behind \u003ccode\u003e--experimental-wasm-jspi\u003c/code\u003e, Node 26+ default). \u003ccode\u003eWebAssembly.promising\u003c/code\u003e returns Promise objects whose \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain points directly at the host realm's \u003ccode\u003ePromise.prototype\u003c/code\u003e with no bridge proxy in between, so \u003ccode\u003ep.finally()\u003c/code\u003e reaches host \u003ccode\u003ePromise.prototype.finally\u003c/code\u003e, V8's \u003ccode\u003eSpeciesConstructor\u003c/code\u003e reads an attacker-controlled \u003ccode\u003ep.constructor\u003c/code\u003e getter, and the eventual host-realm rejection is dispatched through the attacker's class with no bridge wrapping — \u003ccode\u003ee.constructor.constructor('return process')()\u003c/code\u003e then evaluates in the host realm. Structural fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e: delete \u003ccode\u003eWebAssembly.promising\u003c/code\u003e and \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e at sandbox bootstrap, mirroring the existing \u003ccode\u003eWebAssembly.JSTag\u003c/code\u003e removal. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e (no sandbox-visible object may have a host-realm prototype chain without bridge interposition). See ATTACKS.md Category 33 and \u003ccode\u003etest/ghsa/GHSA-6j2x-vhqr-qr7q/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e and \u003ccode\u003einspector/promises\u003c/code\u003e. The exact-match denylist in \u003ccode\u003elib/builtin.js\u003c/code\u003e missed two host-passthrough families: \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of the embedder's allow/deny configuration) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Structural fix promotes the check to family-prefix via \u003ccode\u003eisDangerousBuiltin(key)\u003c/code\u003e, strips the \u003ccode\u003enode:\u003c/code\u003e URL prefix, and adds \u003ccode\u003eprocess\u003c/code\u003e to the dangerous set — enforced at both \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e source and \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e. Supersedes GHSA-947f-4v7f-x2v8. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e. See ATTACKS.md Category 21 (extended) and \u003ccode\u003etest/ghsa/GHSA-rp36-8xq3-r6c4/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposed Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, the \u003ccode\u003e_http_*\u003c/code\u003e / \u003ccode\u003e_tls_*\u003c/code\u003e / \u003ccode\u003e_stream_*\u003c/code\u003e siblings), letting sandbox code make outbound HTTP requests and open listening sockets even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6). Structural fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter now excludes any name starting with \u003ccode\u003e_\u003c/code\u003e, so \u003ccode\u003e'*'\u003c/code\u003e expands only to documented public builtins; explicit opt-in, \u003ccode\u003emock\u003c/code\u003e, and \u003ccode\u003eoverride\u003c/code\u003e paths remain functional. See ATTACKS.md Category 34 and \u003ccode\u003etest/ghsa/GHSA-r9pm-gxmw-wv6p/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfaced four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state from the entire host process rather than the sandbox: HTTP \u003ccode\u003eIncomingMessage\u003c/code\u003e headers (incl. auth tokens) via \u003ccode\u003ediagnostics_channel.subscribe\u003c/code\u003e, embedder \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e context via \u003ccode\u003easync_hooks.executionAsyncResource\u003c/code\u003e, embedder \u003ccode\u003eperformance.mark\u003c/code\u003e labels via \u003ccode\u003eperf_hooks\u003c/code\u003e, and the full V8 heap via \u003ccode\u003ev8.getHeapSnapshot\u003c/code\u003e / \u003ccode\u003ev8.queryObjects\u003c/code\u003e. Fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: extends \u003ccode\u003eDANGEROUS_BUILTINS\u003c/code\u003e with the four names, reusing the existing two-layer enforcement (\u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter + \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e rejection, family-prefix and \u003ccode\u003enode:\u003c/code\u003e-normalised via \u003ccode\u003eisDangerousBuiltin\u003c/code\u003e). \u003ccode\u003emock\u003c/code\u003e/\u003ccode\u003eoverride\u003c/code\u003e escape hatches preserved. See ATTACKS.md Category 35 and \u003ccode\u003etest/ghsa/GHSA-9g8x-92q2-p28f/\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUpgrade notes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e entirely, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e (\u003ccode\u003e1\u003c/code\u003e/\u003ccode\u003e'yes'\u003c/code\u003e/\u003ccode\u003e{}\u003c/code\u003e/\u003ccode\u003e[]\u003c/code\u003e/function). Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/7a1f5100b96f48d34e0fe104ab37c0acc5944f92\"\u003e\u003ccode\u003e7a1f510\u003c/code\u003e\u003c/a\u003e Fix .node typo (\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/568\"\u003e#568\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/fac7fb43ad1d9765ed42734410f069b6ee17e34e\"\u003e\u003ccode\u003efac7fb4\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/2da83ed2f4b4e174ed086e8a53d1c5da11609d91\"\u003e\u003ccode\u003e2da83ed\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e): restore array iteration on vm.freeze()'d host arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/51cc4bc2e6e12439b306f0266b6171e3805a2f38\"\u003e\u003ccode\u003e51cc4bc\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e): restore util.inspect output on Node 26+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/27354d56563b0acb54eb9dd92edbc167612b9d4b\"\u003e\u003ccode\u003e27354d5\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/59ccba9a508e96acb486e2c04666b998f95e17e1\"\u003e\u003ccode\u003e59ccba9\u003c/code\u003e\u003c/a\u003e feat: add merge-fix skill for integrating confirmed vulnerability fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7\"\u003e\u003ccode\u003e86ab819\u003c/code\u003e\u003c/a\u003e fix(GHSA-m4wx-m65x-ghrr): widen NESTING_OVERRIDE guard to all input shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb\"\u003e\u003ccode\u003ee1c48fc\u003c/code\u003e\u003c/a\u003e fix(GHSA-9g8x-92q2-p28f): deny process-wide observability builtins in NodeVM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1\"\u003e\u003ccode\u003e436053e\u003c/code\u003e\u003c/a\u003e fix(GHSA-r9pm-gxmw-wv6p): exclude underscored builtins from NodeVM '*' wildca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b\"\u003e\u003ccode\u003ea1ed47a\u003c/code\u003e\u003c/a\u003e fix(GHSA-rp36-8xq3-r6c4): close NodeVM builtin denylist bypass via process/in...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/smileidentity/react-native-v11/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/smileidentity/react-native-v11/pull/208","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smileidentity%2Freact-native-v11/issues/208","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/208/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T03:08:38.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654100452","node_id":"PR_kwDOJdzsWs7mAKN2","number":537,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T03:08:38.000Z","updated_at":"2026-06-13T03:08:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/karpatkey/defi-kit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/karpatkey/defi-kit/pull/537","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/karpatkey%2Fdefi-kit/issues/537","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/537/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-13T02:57:10.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654060587","node_id":"PR_kwDOGswo787mACa_","number":521,"state":"open","title":"build(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-13T02:57:10.000Z","updated_at":"2026-06-13T02:59:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PCSX2/pcsx2-net-www/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/PCSX2/pcsx2-net-www/pull/521","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PCSX2%2Fpcsx2-net-www/issues/521","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/521/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":"/website","pr_created_at":"2026-06-13T02:38:06.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4654005452","node_id":"PR_kwDOAceYB87l_3IZ","number":2048,"state":"closed","title":"Bump joi from 17.13.3 to 17.13.4 in /website","user":"dependabot[bot]","labels":["CLA Signed","Merged","dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-15T17:47:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-13T02:38:06.000Z","updated_at":"2026-06-15T17:47:59.000Z","time_to_close":227383,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":"/website","ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/facebook/infer/pull/2048","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/facebook%2Finfer/issues/2048","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2048/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":"/website","pr_created_at":"2026-06-12T23:58:47.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4653426421","node_id":"PR_kwDOONRr-M7l9_s7","number":126,"state":"open","title":"chore(deps): bump joi from 17.13.3 to 17.13.4 in /website","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T23:58:47.000Z","updated_at":"2026-06-12T23:59:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":"/website","ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dustin4444/redux/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/Dustin4444/redux/126)\n\u003c!-- Reviewable:end --\u003e\n","html_url":"https://github.com/Dustin4444/redux/pull/126","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dustin4444%2Fredux/issues/126","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/126/packages"}},{"old_version":"18.1.2","new_version":"18.2.1","update_type":"minor","path":null,"pr_created_at":"2026-06-12T23:43:23.000Z","version_change":"18.1.2 → 18.2.1","issue":{"uuid":"4653370917","node_id":"PR_kwDOP9wlJs7l90cC","number":279,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T23:43:23.000Z","updated_at":"2026-06-12T23:44:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":8,"packages":[{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"ip-address","old_version":"10.1.0","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"ws","old_version":"8.18.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"next-intl","old_version":"4.9.1","new_version":"4.9.2","repository_url":"https://github.com/amannn/next-intl"},{"name":"esbuild","old_version":"0.28.0","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /examples/basic-nextjs directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 3 updates in the /examples/basic-nextjs-pages-router directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 4 updates in the /examples/basic-spa/angular directory: [postcss](https://github.com/postcss/postcss), [ip-address](https://github.com/beaugunderson/ip-address), [joi](https://github.com/hapijs/joi) and [ws](https://github.com/websockets/ws).\nBumps the npm_and_yarn group with 3 updates in the /examples/kit-nextjs-article-starter directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 4 updates in the /examples/kit-nextjs-location-finder directory: [next-intl](https://github.com/amannn/next-intl), [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 3 updates in the /examples/kit-nextjs-product-listing directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 3 updates in the /examples/kit-nextjs-skate-park directory: [esbuild](https://github.com/evanw/esbuild), [shell-quote](https://github.com/ljharb/shell-quote) and [tmp](https://github.com/raszi/node-tmp).\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\n{\n  using x = new Resource()\n  x.activate()\n}\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nnew (foo()`bar`)()\nnew (foo()?.bar)()\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\n{\n  using x = new Resource()\n  x.activate()\n}\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nnew (foo()`bar`)()\nnew (foo()?.bar)()\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.1.0...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.3 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.3...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\n{\n  using x = new Resource()\n  x.activate()\n}\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nnew (foo()`bar`)()\nnew (foo()?.bar)()\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-intl` from 4.9.1 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/releases\"\u003enext-intl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.9.2\u003c/h2\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/blob/main/CHANGELOG.md\"\u003enext-intl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/e1b18258075017216165735212568c8f795e1660\"\u003e\u003ccode\u003ee1b1825\u003c/code\u003e\u003c/a\u003e v4.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003e\u003ccode\u003ec0bf0ee\u003c/code\u003e\u003c/a\u003e fix: Prototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/amannn/next-intl/compare/v4.9.1...v4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6...\n\n_Description has been truncated_","html_url":"https://github.com/sc-sobiyasivakumar/xmcloud-starter-js/pull/279","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sc-sobiyasivakumar%2Fxmcloud-starter-js/issues/279","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/279/packages"}},{"old_version":"17.8.3","new_version":"17.13.4","update_type":"minor","path":null,"pr_created_at":"2026-06-12T23:35:28.000Z","version_change":"17.8.3 → 17.13.4","issue":{"uuid":"4653336846","node_id":"PR_kwDOFCuVhs7l9tr4","number":6,"state":"closed","title":"Bump joi from 17.8.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T23:48:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T23:35:28.000Z","updated_at":"2026-06-12T23:48:26.000Z","time_to_close":771,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"joi","old_version":"17.8.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.8.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3cb73d6cded39fa49a46069b64d638a0ba0f7d14\"\u003e\u003ccode\u003e3cb73d6\u003c/code\u003e\u003c/a\u003e 17.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/1653c478486227728942ebd8544bb068448cb814\"\u003e\u003ccode\u003e1653c47\u003c/code\u003e\u003c/a\u003e fix: correct function type in alternatives error (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/7373136d149be0cc727096325f22f748d22aef46\"\u003e\u003ccode\u003e7373136\u003c/code\u003e\u003c/a\u003e 17.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/add65979a3d2f93a08e60824ed1a02e56536fa69\"\u003e\u003ccode\u003eadd6597\u003c/code\u003e\u003c/a\u003e \u003ccode\u003estrictUnknown\u003c/code\u003e should honor local explicit \u003ccode\u003e.unknown(false)\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/0066a4ef16706b722b81818a8608aea1129f4cc7\"\u003e\u003ccode\u003e0066a4e\u003c/code\u003e\u003c/a\u003e 17.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2d260302e75ed50e1f2658887dcd11fcc5b5e05c\"\u003e\u003ccode\u003e2d26030\u003c/code\u003e\u003c/a\u003e fix: label false should also hide explicit labels (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f02df4c011253d3573be19261a45c6765157d054\"\u003e\u003ccode\u003ef02df4c\u003c/code\u003e\u003c/a\u003e 17.13.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.8.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/ublabs/netlify-cms-oauth/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ublabs%2Fnetlify-cms-oauth/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"17.6.0","new_version":"17.13.4","update_type":"minor","path":null,"pr_created_at":"2026-06-12T22:50:46.000Z","version_change":"17.6.0 → 17.13.4","issue":{"uuid":"4653139738","node_id":"PR_kwDOPrcsTM7l9D4t","number":16,"state":"closed","title":"Bump the npm_and_yarn group across 8 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-13T05:51:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T22:50:46.000Z","updated_at":"2026-06-13T05:51:58.000Z","time_to_close":25271,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"svelte","old_version":"4.2.19","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"joi","old_version":"17.6.0","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"vite","old_version":"4.5.14","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"vitest","old_version":"0.29.8","new_version":"3.2.6","repository_url":"https://github.com/vitest-dev/vitest"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@grpc/grpc-js","old_version":"1.13.4","new_version":"1.14.4","repository_url":"https://github.com/grpc/grpc-node"},{"name":"dompurify","old_version":"3.2.6","new_version":"3.4.10","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"js-cookie","old_version":"3.0.5","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.4","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.7` |\n| [joi](https://github.com/hapijs/joi) | `17.6.0` | `17.13.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.14` | `6.4.2` |\n| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `0.29.8` | `3.2.6` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.6` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.7` |\n| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.13.4` | `1.14.4` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.4.10` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.8` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.4` |\n| [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.3` | `1.8.4` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/nextjs-api-sales directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 2 updates in the /packages/backend-core directory: [joi](https://github.com/hapijs/joi) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/builder directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 1 update in the /packages/client directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 4 updates in the /packages/server directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte), [joi](https://github.com/hapijs/joi), [uuid](https://github.com/uuidjs/uuid) and [tmp](https://github.com/raszi/node-tmp).\nBumps the npm_and_yarn group with 1 update in the /packages/upgrade-tests directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/worker directory: [joi](https://github.com/hapijs/joi) and [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `svelte` from 4.2.19 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 17.6.0 to 17.13.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3cb73d6cded39fa49a46069b64d638a0ba0f7d14\"\u003e\u003ccode\u003e3cb73d6\u003c/code\u003e\u003c/a\u003e 17.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/1653c478486227728942ebd8544bb068448cb814\"\u003e\u003ccode\u003e1653c47\u003c/code\u003e\u003c/a\u003e fix: correct function type in alternatives error (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/7373136d149be0cc727096325f22f748d22aef46\"\u003e\u003ccode\u003e7373136\u003c/code\u003e\u003c/a\u003e 17.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/add65979a3d2f93a08e60824ed1a02e56536fa69\"\u003e\u003ccode\u003eadd6597\u003c/code\u003e\u003c/a\u003e \u003ccode\u003estrictUnknown\u003c/code\u003e should honor local explicit \u003ccode\u003e.unknown(false)\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/0066a4ef16706b722b81818a8608aea1129f4cc7\"\u003e\u003ccode\u003e0066a4e\u003c/code\u003e\u003c/a\u003e 17.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2d260302e75ed50e1f2658887dcd11fcc5b5e05c\"\u003e\u003ccode\u003e2d26030\u003c/code\u003e\u003c/a\u003e fix: label false should also hide explicit labels (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f02df4c011253d3573be19261a45c6765157d054\"\u003e\u003ccode\u003ef02df4c\u003c/code\u003e\u003c/a\u003e 17.13.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.6.0...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~marsup\"\u003emarsup\u003c/a\u003e, a new releaser for joi since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 4.5.14 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 0.29.8 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePin last supported vite-node version  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d05\"\u003e\u003c!-- raw HTML omitted --\u003e(16f12)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.5...v3.2.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10445\"\u003evitest-dev/vitest#10445\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d\"\u003e\u003c!-- raw HTML omitted --\u003e(af88b)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v3]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10456\"\u003evitest-dev/vitest#10456\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd\"\u003e\u003c!-- raw HTML omitted --\u003e(385a1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.4...v3.2.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse correct path for optimisation of strip-literal  -  by \u003ca href=\"https://github.com/mrginglymus\"\u003e\u003ccode\u003e@​mrginglymus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8139\"\u003evitest-dev/vitest#8139\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/44940d9dd\"\u003e\u003c!-- raw HTML omitted --\u003e(44940)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrint uint and buffer as a simple string  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8141\"\u003evitest-dev/vitest#8141\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b86bf0d99\"\u003e\u003c!-- raw HTML omitted --\u003e(b86bf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eShow a helpful error when spying on an export  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8178\"\u003evitest-dev/vitest#8178\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5600772c2\"\u003e\u003c!-- raw HTML omitted --\u003e(56007)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003evitest run --watch\u003c/code\u003e should be watch-mode  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8128\"\u003evitest-dev/vitest#8128\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/657e83f9f\"\u003e\u003c!-- raw HTML omitted --\u003e(657e8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse absolute path environment on Windows  -  by \u003ca href=\"https://github.com/colinaaa\"\u003e\u003ccode\u003e@​colinaaa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8105\"\u003evitest-dev/vitest#8105\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/85dc0195f\"\u003e\u003c!-- raw HTML omitted --\u003e(85dc0)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThrow error when \u003ccode\u003e--shard x/\u0026lt;count\u0026gt;\u003c/code\u003e exceeds count of test files  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8112\"\u003evitest-dev/vitest#8112\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/8a18c8e20\"\u003e\u003c!-- raw HTML omitted --\u003e(8a18c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eIgnore SCSS in browser mode  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8161\"\u003evitest-dev/vitest#8161\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/0c3be6f63\"\u003e\u003c!-- raw HTML omitted --\u003e(0c3be)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eUpdate all non-major dependencies  -  in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8123\"\u003evitest-dev/vitest#8123\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/93f3200e4\"\u003e\u003c!-- raw HTML omitted --\u003e(93f32)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eexpect\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eHandle async errors in expect.soft  -  by \u003ca href=\"https://github.com/lzl0304\"\u003e\u003ccode\u003e@​lzl0304\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8145\"\u003evitest-dev/vitest#8145\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/686996912\"\u003e\u003c!-- raw HTML omitted --\u003e(68699)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epool\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAuto-adjust \u003ccode\u003eminWorkers\u003c/code\u003e when only \u003ccode\u003emaxWorkers\u003c/code\u003e specified  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8110\"\u003evitest-dev/vitest#8110\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/14dc0724f\"\u003e\u003c!-- raw HTML omitted --\u003e(14dc0)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereporter\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003etask.meta\u003c/code\u003e should be available in custom reporter's errors  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8115\"\u003evitest-dev/vitest#8115\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/27df68a0e\"\u003e\u003c!-- raw HTML omitted --\u003e(27df6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erunner\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003ePreserve handler wrapping on extend  -  by \u003ca href=\"https://github.com/pengooseDev\"\u003e\u003ccode\u003e@​pengooseDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8153\"\u003evitest-dev/vitest#8153\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a92812b70\"\u003e\u003c!-- raw HTML omitted --\u003e(a9281)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eui\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eEnsure ui config option works correctly  -  by \u003ca href=\"https://github.com/lzl0304\"\u003e\u003ccode\u003e@​lzl0304\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8147\"\u003evitest-dev/vitest#8147\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/42eeb2ee6\"\u003e\u003c!-- raw HTML omitted --\u003e(42eeb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v3.2.3...v3.2.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Use base url instead of \u003cstrong\u003evitest\u003c/strong\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8126\"\u003evitest-dev/vitest#8126\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1d8ebf9ae\"\u003e\u003c!-- raw HTML omitted --\u003e(1d8eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/b6d56f8171ae814ee7571df63a35a0da5203dbaa\"\u003e\u003ccode\u003eb6d56f8\u003c/code\u003e\u003c/a\u003e chore: release v3.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/16f120d0585677f6a32bcb3dd01fa61c140e2588\"\u003e\u003ccode\u003e16f120d\u003c/code\u003e\u003c/a\u003e fix: pin last supported vite-node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/2cbad0a923c48c6144266df3cd25f93547cb5221\"\u003e\u003ccode\u003e2cbad0a\u003c/code\u003e\u003c/a\u003e chore: release v3.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/385a1aefd4c2bfa5e7d58bf7c6834c929969f2c7\"\u003e\u003ccode\u003e385a1ae\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/af88b1f5d82844a4761ea9a977156c98e2b14ca8\"\u003e\u003ccode\u003eaf88b1f\u003c/code\u003e\u003c/a\u003e feat(api): add \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e [backport to v3]...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/c666d149a4516761bae92ca56ce1336d2fd352c3\"\u003e\u003ccode\u003ec666d14\u003c/code\u003e\u003c/a\u003e chore: release v3.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/8a18c8e20a19f2c8d9f402e426886999f378c389\"\u003e\u003ccode\u003e8a18c8e\u003c/code\u003e\u003c/a\u003e fix(cli): throw error when \u003ccode\u003e--shard x/\\\u0026lt;count\u0026gt;\u003c/code\u003e exceeds count of test files (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/8abd7cc6fff5fa47d899b5f5383f526d2fdef784\"\u003e\u003ccode\u003e8abd7cc\u003c/code\u003e\u003c/a\u003e chore(deps): update \u003ccode\u003etinypool\u003c/code\u003e (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8174\"\u003e#8174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/93f3200e452874ed4e2d018718bbbde7ebd28590\"\u003e\u003ccode\u003e93f3200\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8123\"\u003e#8123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/0c3be6f637d65ef47f2fcf2ccd637f1ecc9d1786\"\u003e\u003ccode\u003e0c3be6f\u003c/code\u003e\u003c/a\u003e fix(coverage): ignore SCSS in browser mode (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8161\"\u003e#8161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.3 to 0.2.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@grpc/grpc-js` from 1.13.4 to 1.14.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-node/releases\"\u003e@​grpc/grpc-js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a bug that could cause servers to crash when handling malformed requests (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2\"\u003eadvisory GHSA-5375-pq7m-f5r2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug that could cause clients and servers to crash when handling malformed compressed messages (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq\"\u003eadvisory GHSA-99f4-grh7-6pcq\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSend halfClose immediately after messages to prevent late halfClose issues with Envoy (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3031\"\u003e#3031\u003c/a\u003e contributed by \u003ca href=\"https://github.com/serkanerip\"\u003e\u003ccode\u003e@​serkanerip\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix server keep alive timeout not properly destroying connections (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3022\"\u003e#3022\u003c/a\u003e contributed by \u003ca href=\"https://github.com/mattias-wiberg\"\u003e\u003ccode\u003e@​mattias-wiberg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression of the settings used internally for HTTP/2 sessions (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3023\"\u003e#3023\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js-xds\u003c/code\u003e 1.14.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement RBAC support (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2939\"\u003e#2939\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2945\"\u003e#2945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eweighted_round_robin\u003c/code\u003e to LB policy registry (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3001\"\u003e#3001\u003c/a\u003e) (currently experimental, enabled by the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_WRR_LB\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ewrr_locality\u003c/code\u003e to LB policy registry (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3003\"\u003e#3003\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.14.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003egetAuthContext\u003c/code\u003e method to client and server call classes (more details can be found in \u003ca href=\"https://github.com/grpc/proposal/blob/master/L35-node-getAuthContext.md\"\u003egRFC L35\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement custom backend metrics support (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A51-custom-backend-metrics.md\"\u003egRFC A51\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2978\"\u003e#2978\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2983\"\u003e#2983\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2985\"\u003e#2985\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2986\"\u003e#2986\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2999\"\u003e#2999\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003egetConnectionInfo\u003c/code\u003e method to the \u003ccode\u003eServerInterceptingCall\u003c/code\u003e class (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2922\"\u003e#2922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement the \u003ccode\u003eweighted_round_robin\u003c/code\u003e load balancing policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2998\"\u003e#2998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix jitter behavior for client retries (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2960\"\u003e#2960\u003c/a\u003e contributed by \u003ca href=\"https://github.com/ekscentrysytet\"\u003e\u003ccode\u003e@​ekscentrysytet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStart connecting from a random index in the \u003ccode\u003eround_robin\u003c/code\u003e LB policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2979\"\u003e#2979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSend connection-level WINDOW_UPDATE at session start (\u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/2971\"\u003e#2971\u003c/a\u003e contributed by \u003ca href=\"https://github.com/KoenRijpstra\"\u003e\u003ccode\u003e@​KoenRijpstra\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eExperimental API Changes\u003c/h2\u003e\n\u003cp\u003eAdded:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCHANNEL_ARGS_CONFIG_SELECTOR_KEY\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eStatusOr\u0026lt;T\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCallStream\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estatusOrFromValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estatusOrFromError\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModified:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResolverListener#onSuccessfulResolution\u003c/code\u003e now has the signature \u003ccode\u003e(endpointList: StatusOr\u0026lt;Endpoint[]\u0026gt;, attributes: { [key: string]: unknown }, serviceConfig: StatusOr\u0026lt;ServiceConfig\u0026gt; | null, resolutionNote: string): boolean\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eLoadBalancer#updateAddressList\u003c/code\u003e now has the signature `updateAddressList(endpointList: StatusOr\u0026lt;Endpoint[]\u0026gt;,lbConfig: TypedLoadBalancingConfig, channelOptions: ChannelOptions, resolutionNote: string): boolean\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​grpc/grpc-js\u003c/code\u003e 1.13.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a bug that could cause servers to crash when handling malformed requests (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2\"\u003eadvisory GHSA-5375-pq7m-f5r2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug that could cause clients and servers to crash when handling malformed compressed messages (\u003ca href=\"https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq\"\u003eadvisory GHSA-99f4-grh7-6pcq\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/a380735ba9b0351214f2faa578350a559dd486ff\"\u003e\u003ccode\u003ea380735\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3052\"\u003e#3052\u003c/a\u003e from murgatroid99/grpc-js_1.14.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/5b8d37b03d91122ec0b9bc5e27dd26ffa7448337\"\u003e\u003ccode\u003e5b8d37b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/6a97456cc88d2b74e1527b356de98bf8ee8d7a40\"\u003e\u003ccode\u003e6a97456\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/e5e0b1d3ff14fa7c5eeef10b309d694bc3ff7e96\"\u003e\u003ccode\u003ee5e0b1d\u003c/code\u003e\u003c/a\u003e grpc-js: Bump version to 1.14.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/5029a2668164d1ba6de6ed4dcf6d35d5c4ff6cf4\"\u003e\u003ccode\u003e5029a26\u003c/code\u003e\u003c/a\u003e Make compression error a static string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a163\"\u003e\u003ccode\u003e2fe55fd\u003c/code\u003e\u003c/a\u003e Fix crashes when receiving malformed compressed data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad5985668\"\u003e\u003ccode\u003e234f917\u003c/code\u003e\u003c/a\u003e Fix server crash when handling invalid requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/acef8d4adfa091188e9dd572cedf4d87b0f69b21\"\u003e\u003ccode\u003eacef8d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3043\"\u003e#3043\u003c/a\u003e from murgatroid99/rbac_types_change_fix_1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/4f3c58fda2136eb0038a39d54804acb06a8419ea\"\u003e\u003ccode\u003e4f3c58f\u003c/code\u003e\u003c/a\u003e grpc-js-xds: Update RBAC code to handle Node type change, pin \u003ccode\u003e@​types/node\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-node/commit/ccd29b27d28ce8937f8250f72e5e6027ed5af09a\"\u003e\u003ccode\u003eccd29b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/grpc/grpc-node/issues/3032\"\u003e#3032\u003c/a\u003e from murgatroid99/grpc-js_retry_half_close_1.14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.13.4...@grpc/grpc-js@1.14.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.2.6 to 3.4.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactored codebase for clarity: extracted the public type declarations into \u003ccode\u003etypes.ts\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDecomposed the three largest sanitizer functions into focused helpers\u003c/li\u003e\n\u003cli\u003eRemoved duplicated defaults and dead branches, consolidated \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrubbing into single shared path\u003c/li\u003e\n\u003cli\u003eImproved per-node performance by hoisting the mXSS probe regexes and testing \u003ccode\u003etextContent\u003c/code\u003e before \u003ccode\u003einnerHTML\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded a deterministic micro-benchmark harness (\u003ccode\u003enpm run bench\u003c/code\u003e) with a \u003ccode\u003e--compare\u003c/code\u003e mode\u003c/li\u003e\n\u003cli\u003eReduced CI cost by running the full three-engine browser suite once per PR\u003c/li\u003e\n\u003cli\u003eRefreshed the \u003ccode\u003edemos/\u003c/code\u003e folder so every demo runs again, and added a SVG-via-\u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e demo\u003c/li\u003e\n\u003cli\u003eDocumented the bench and \u003ccode\u003etest:happydom\u003c/code\u003e scripts in the README\u003c/li\u003e\n\u003cli\u003eCompleted the Attack Classes \u0026amp; Bypass History wiki page\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFurther improved the handling of Trusted Types config options, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFurther improved the handling of \u003ccode\u003eIN_PLACE\u003c/code\u003e sanitization, thanks \u003ca href=\"https://github.com/mozfreddyb\"\u003e\u003ccode\u003e@​mozfreddyb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded more test coverage for \u003ccode\u003eIN_PLACE\u003c/code\u003e and Trusted Types related usage\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eUpdated README and wiki with more accurate documentation \u0026amp; attack samples\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleaned up the repository root, renamed some and removed unneeded files\u003c/li\u003e\n\u003cli\u003eFixed an issue with handling of Trusted Types policies, thanks \u003ca href=\"https://github.com/fulstadev\"\u003e\u003ccode\u003e@​fulstadev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the node iterator for better template scrubbing, thanks \u003ca href=\"https://github.com/IamLeandrooooo\"\u003e\u003ccode\u003e@​IamLeandrooooo\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncluded formerly missing LICENSE-MPL in published npm package, thanks \u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHardened the handling of Shadow Roots when using \u003ccode\u003eIN_PLACE\u003c/code\u003e, thanks \u003ca href=\"https://github.com/GameZoneHacker\"\u003e\u003ccode\u003e@​GameZoneHacker\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved a problem leading to permanent hook pollution, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactored the test suite and expanded test coverage significantly\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed several issues with DOM Clobbering in \u003ccode\u003eIN_PLACE\u003c/code\u003e mode, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHardened the checks for cross-realm \u003ccode\u003eIN_PLACE\u003c/code\u003e and Shadow DOM sanitization, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded more test coverage for \u003ccode\u003eIN_PLACE\u003c/code\u003e and general DOM Clobbering attacks\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bypass caused by the new HTML element \u003ccode\u003eselectedcontent\u003c/code\u003e added in 3.4.4, thanks \u003ca href=\"https://github.com/KabirAcharya\"\u003e\u003ccode\u003e@​KabirAcharya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eselectedcontent\u003c/code\u003e element to default allow-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecommand\u003c/code\u003e and \u003ccode\u003ecommandfor\u003c/code\u003e attributes to default allowed-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better template scrubbing for \u003ccode\u003eIN_PLACE\u003c/code\u003e operations, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded stronger checks for cross-realm windows, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated demo website and made sure it uses the latest from main\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, dependabot, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6ee5716f8336989753611beeca364957c0eb0c3e\"\u003e\u003ccode\u003e6ee5716\u003c/code\u003e\u003c/a\u003e release: 3.4.10 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/52102472d46035857c52df19e44285f8a1e102fc\"\u003e\u003ccode\u003e5210247\u003c/code\u003e\u003c/a\u003e release: 3.4.9 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1459\"\u003e#1459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/bcdd8285412dc9c4c149652aed2d712e790d6ccf\"\u003e\u003ccode\u003ebcdd828\u003c/code\u003e\u003c/a\u003e release: 3.4.8 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1439\"\u003e#1439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/ca30f070c360df162a3e3848e80e6fd3c9e74bff\"\u003e\u003ccode\u003eca30f07\u003c/code\u003e\u003c/a\u003e release: 3.4.7 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1414\"\u003e#1414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/bb7739e5bccec7e1ab3dae3f3e42d02db3acaaae\"\u003e\u003ccode\u003ebb7739e\u003c/code\u003e\u003c/a\u003e release: 3.4.6 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1394\"\u003e#1394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea\"\u003e\u003ccode\u003e011b0c7\u003c/code\u003e\u003c/a\u003e release: 3.4.5 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1382\"\u003e#1382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5817ad96...\n\n_Description has been truncated_","html_url":"https://github.com/dporkka/budibase/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dporkka%2Fbudibase/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"18.1.2","new_version":"18.2.1","update_type":"minor","path":null,"pr_created_at":"2026-06-12T22:47:06.000Z","version_change":"18.1.2 → 18.2.1","issue":{"uuid":"4653122000","node_id":"PR_kwDOSrKJB87l9AIO","number":12,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T22:47:06.000Z","updated_at":"2026-06-12T22:48:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [esbuild](https://github.com/evanw/esbuild), [joi](https://github.com/hapijs/joi) and [shell-quote](https://github.com/ljharb/shell-quote).\nBumps the npm_and_yarn group with 1 update in the /ui-tui/packages/hermes-ink directory: [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 1 update in the /website directory: [shell-quote](https://github.com/ljharb/shell-quote).\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/reevesc88/hermes-agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/reevesc88/hermes-agent/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/reevesc88%2Fhermes-agent/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"18.1.2","new_version":"18.2.1","update_type":"minor","path":null,"pr_created_at":"2026-06-12T22:45:48.000Z","version_change":"18.1.2 → 18.2.1","issue":{"uuid":"4653115558","node_id":"PR_kwDOR7GF9s7l8-vh","number":12,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T22:45:48.000Z","updated_at":"2026-06-12T22:47:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"joi","old_version":"18.1.2","new_version":"18.2.1","repository_url":"https://github.com/hapijs/joi"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"ws","old_version":"8.20.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"protobufjs","old_version":"7.5.6","new_version":"7.6.4","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"esbuild","old_version":"0.25.12","new_version":"0.28.1","repository_url":"https://github.com/evanw/esbuild"},{"name":"undici","old_version":"7.23.0","new_version":"7.27.2","repository_url":"https://github.com/nodejs/undici"},{"name":"shell-quote","old_version":"1.8.3","new_version":"1.8.4","repository_url":"https://github.com/ljharb/shell-quote"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [esbuild](https://github.com/evanw/esbuild), [joi](https://github.com/hapijs/joi) and [shell-quote](https://github.com/ljharb/shell-quote).\nBumps the npm_and_yarn group with 3 updates in the /scripts/whatsapp-bridge directory: [ws](https://github.com/websockets/ws), [protobufjs](https://github.com/protobufjs/protobuf.js) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 1 update in the /ui-tui/packages/hermes-ink directory: [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 3 updates in the /website directory: [undici](https://github.com/nodejs/undici), [shell-quote](https://github.com/ljharb/shell-quote) and [qs](https://github.com/ljharb/qs).\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `joi` from 18.1.2 to 18.2.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/048fe05b82355f445c5aab7881d836b2e9811296\"\u003e\u003ccode\u003e048fe05\u003c/code\u003e\u003c/a\u003e 18.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2392713d3e9dd91ba752ac0c96e0eaf3d24b9a11\"\u003e\u003ccode\u003e2392713\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e from hapijs/fix/link-max-call-stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7\"\u003e\u003ccode\u003efc146a6\u003c/code\u003e\u003c/a\u003e fix: protect link recursion from max call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f4e97e06e9b0e8907909ed9d273589f1127ddcb0\"\u003e\u003ccode\u003ef4e97e0\u003c/code\u003e\u003c/a\u003e 18.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/626893dc6628139de59a119fab1f2785b4723597\"\u003e\u003ccode\u003e626893d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3111\"\u003e#3111\u003c/a\u003e from hapijs/feat/link-maxRecursion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/9c7a44326629a730d91523b0fc6d0ee518d53f18\"\u003e\u003ccode\u003e9c7a443\u003c/code\u003e\u003c/a\u003e feat: add maxRecursion limit to links\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v18.1.2...v18.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.20.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/websockets/ws/compare/8.20.0...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.6 to 7.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.4/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.3...protobufjs-v7.6.4\"\u003e7.6.4\u003c/a\u003e (2026-06-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e574f761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e06ddd07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.2...protobufjs-v7.6.3\"\u003e7.6.3\u003c/a\u003e (2026-06-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e78a9576\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003edf91652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.1...protobufjs-v7.6.2\"\u003e7.6.2\u003c/a\u003e (2026-05-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003ea92f72e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f8f64efbfc5b52997beb7549e7ea722704320cb1\"\u003e\u003ccode\u003ef8f64ef\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2330\"\u003e#2330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/574f761c05b007dab6595ca1eaed86436579ba3f\"\u003e\u003ccode\u003e574f761\u003c/code\u003e\u003c/a\u003e fix: Reconfigure and speed up CI (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2329\"\u003e#2329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/06ddd07064329032aae6db586e2d54938b591792\"\u003e\u003ccode\u003e06ddd07\u003c/code\u003e\u003c/a\u003e fix: Remove inquire submodule (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1d3796d7d29830c73eec792ccbe769be6aa020ac\"\u003e\u003ccode\u003e1d3796d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2317\"\u003e#2317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/df91652aa5cb1ee0204566252df85cbe752298a6\"\u003e\u003ccode\u003edf91652\u003c/code\u003e\u003c/a\u003e fix: Preserve null conversion behavior for fieldless messages (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2312\"\u003e#2312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/78a9576269a5b590c54686a8122e78e28135cd50\"\u003e\u003ccode\u003e78a9576\u003c/code\u003e\u003c/a\u003e fix: Avoid name collisions in generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ec90ef9ccc30fffe6ea9ea37e45781071898229d\"\u003e\u003ccode\u003eec90ef9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2295\"\u003e#2295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a92f72e1cb731f06040a7917d3e041666d5f5601\"\u003e\u003ccode\u003ea92f72e\u003c/code\u003e\u003c/a\u003e fix: Backport consistency and correctness fixes (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2294\"\u003e#2294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d\"\u003e\u003ccode\u003ef0b50d2\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2268\"\u003e#2268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e\u003ccode\u003e8a45c13\u003c/code\u003e\u003c/a\u003e fix: Backport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.25.12 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2025\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).\u003c/p\u003e\n\u003ch2\u003e0.27.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4361\"\u003e#4361\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously the specification for \u003ccode\u003epackage.json\u003c/code\u003e disallowed import path specifiers starting with \u003ccode\u003e#/\u003c/code\u003e, but this restriction \u003ca href=\"https://redirect.github.com/nodejs/node/pull/60864\"\u003ehas recently been relaxed\u003c/a\u003e and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping \u003ccode\u003e#/*\u003c/code\u003e to \u003ccode\u003e./src/*\u003c/code\u003e (previously you had to use another character such as \u003ccode\u003e#_*\u003c/code\u003e instead, which was more confusing). There is some more context in \u003ca href=\"https://redirect.github.com/nodejs/node/issues/49182\"\u003enodejs/node#49182\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/hybrist\"\u003e\u003ccode\u003e@​hybrist\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically add the \u003ccode\u003e-webkit-mask\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4357\"\u003e#4357\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4358\"\u003e#4358\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release automatically adds the \u003ccode\u003e-webkit-\u003c/code\u003e vendor prefix for the \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask\"\u003e\u003ccode\u003emask\u003c/code\u003e\u003c/a\u003e CSS shorthand property:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\nmain {\n  mask: url(x.png) center/5rem no-repeat\n}\n\u003cp\u003e/* Old output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --target=chrome110) */\u003cbr /\u003e\nmain {\u003cbr /\u003e\n-webkit-mask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\nmask: url(x.png) center/5rem no-repeat;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThis change was contributed by \u003ca href=\"https://github.com/BPJEnnova\"\u003e\u003ccode\u003e@​BPJEnnova\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdditional minification of \u003ccode\u003eswitch\u003c/code\u003e statements (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4176\"\u003e#4176\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4359\"\u003e#4359\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release contains additional minification patterns for reducing \u003ccode\u003eswitch\u003c/code\u003e statements. Here is an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\nswitch (x) {\n  case 0:\n    foo()\n    break\n  case 1:\n  default:\n    bar()\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e\"\u003e\u003ccode\u003ebb9db84\u003c/code\u003e\u003c/a\u003e publish 0.28.1 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2\"\u003e\u003ccode\u003e9ff053e\u003c/code\u003e\u003c/a\u003e security: add integrity checks to the Deno API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5\"\u003e\u003ccode\u003e0a9bf21\u003c/code\u003e\u003c/a\u003e enforce non-negative size in gzip parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e\"\u003e\u003ccode\u003ee2a1a71\u003c/code\u003e\u003c/a\u003e security: forbid \u003ccode\u003e\\\\\u003c/code\u003e in local dev server requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78\"\u003e\u003ccode\u003e83a2cbf\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e: don't inline \u003ccode\u003eusing\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38\"\u003e\u003ccode\u003e308ad74\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4471\"\u003e#4471\u003c/a\u003e: renaming of nested \u003ccode\u003evar\u003c/code\u003e declarations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b\"\u003e\u003ccode\u003ef013f5f\u003c/code\u003e\u003c/a\u003e fix some typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c\"\u003e\u003ccode\u003eaafd6e4\u003c/code\u003e\u003c/a\u003e chore: fix some minor issues in comments (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386\"\u003e\u003ccode\u003e15300c3\u003c/code\u003e\u003c/a\u003e follow up: cjs evaluation fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395\"\u003e\u003ccode\u003e1bda0c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4467\"\u003e#4467\u003c/a\u003e: esm evaluation fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for esbuild since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.23.0 to 7.27.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.27.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: use legacy global dispatcher in v7 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5368\"\u003enodejs/undici#5368\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.27.1...v7.27.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.27.1...v7.27.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve raw headers in dispatch handler bridge by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5345\"\u003enodejs/undici#5345\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.27.0...v7.27.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.27.0...v7.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[7.x] fix: support Node 26 and legacy global dispatcher by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5319\"\u003enodejs/undici#5319\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.26.0...v7.27.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.26.0...v7.27.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.26.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport safe main fixes to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5136\"\u003enodejs/undici#5136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: validate EOF for chunked h1 responses by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5307\"\u003enodejs/undici#5307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.25.0...v7.26.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.25.0...v7.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/b0ba52d84906ffb291acda421008e7a350a62eb9\"\u003e\u003ccode\u003eb0ba52d\u003c/code\u003e\u003c/a\u003e Bumped v7.27.2 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5369\"\u003e#5369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c03ed25024a3f4bbeaebc2bf9f4862a713138d06\"\u003e\u003ccode\u003ec03ed25\u003c/code\u003e\u003c/a\u003e fix: use legacy global dispatcher in v7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5368\"\u003e#5368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/452787779c618fd51557057278d1a70c89ae869c\"\u003e\u003ccode\u003e4527877\u003c/code\u003e\u003c/a\u003e Bumped v7.27.1 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5354\"\u003e#5354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3e17d9255a10cadb1acfde03c13fe869bb15a206\"\u003e\u003ccode\u003e3e17d92\u003c/code\u003e\u003c/a\u003e fix: preserve raw headers in dispatch handler bridge (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5345\"\u003e#5345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7aeee342b32a20efa31e99b09bdbf192e4dec53\"\u003e\u003ccode\u003ed7aeee3\u003c/code\u003e\u003c/a\u003e Bumped v7.27.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5340\"\u003e#5340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2054b13b5b424579f3e0293bcf99a07ca71e48e9\"\u003e\u003ccode\u003e2054b13\u003c/code\u003e\u003c/a\u003e [7.x] fix: support Node 26 and legacy global dispatcher (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5319\"\u003e#5319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/acf800822a688927874cef3487c298cc2f71afa5\"\u003e\u003ccode\u003eacf8008\u003c/code\u003e\u003c/a\u003e Bumped v7.26.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5322\"\u003e#5322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2b3cd223c0abbe7271c764db8aee38772cca0d95\"\u003e\u003ccode\u003e2b3cd22\u003c/code\u003e\u003c/a\u003e fix: validate EOF for chunked h1 responses (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5273\"\u003e#5273\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5307\"\u003e#5307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/301f347a817b577cc7b51684f634e9fedb4f3df7\"\u003e\u003ccode\u003e301f347\u003c/code\u003e\u003c/a\u003e test: avoid Promise.withResolvers in tls session reuse test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0f6c7921603487d95a62c61c7bde36ea1650949f\"\u003e\u003ccode\u003e0f6c792\u003c/code\u003e\u003c/a\u003e fix: preserve allowH2 when wrapping custom connect\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.23.0...v7.27.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shell-quote` from 1.8.3 to 1.8.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md\"\u003eshell-quote's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ev1.8.4\u003c/a\u003e - 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes \u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage \u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge \u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae\"\u003e\u003ccode\u003eff166e2\u003c/code\u003e\u003c/a\u003e v1.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d\"\u003e\u003ccode\u003e4378a6e\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003equote\u003c/code\u003e: validate object-token shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6\"\u003e\u003ccode\u003e22ebec0\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, `npmig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d\"\u003e\u003ccode\u003e9f3caa3\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0\"\u003e\u003ccode\u003e3344a04\u003c/code\u003e\u003c/a\u003e [readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4\"\u003e\u003ccode\u003e699c511\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sanjeed5/hermes-agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sanjeed5/hermes-agent/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanjeed5%2Fhermes-agent/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"17.7.0","new_version":"17.13.3","update_type":"minor","path":null,"pr_created_at":"2026-06-12T21:01:13.000Z","version_change":"17.7.0 → 17.13.3","issue":{"uuid":"4652582325","node_id":"PR_kwDOSxNQgM7l7Qj9","number":1,"state":"closed","title":"Bump the npm_and_yarn group across 9 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T21:25:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T21:01:13.000Z","updated_at":"2026-06-12T21:25:38.000Z","time_to_close":1463,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"follow-redirects","old_version":"1.15.2","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"socket.io-parser","old_version":"4.2.1","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"joi","old_version":"17.7.0","new_version":"17.13.3","repository_url":"https://github.com/hapijs/joi"},{"name":"flatted","old_version":"3.2.7","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the /chrome-extension/extension directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /solana-clawd-x402/worker directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [hono](https://github.com/honojs/hono).\nBumps the npm_and_yarn group with 2 updates in the /solana-clawd/automaton-main directory: [esbuild](https://github.com/evanw/esbuild) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 3 updates in the /solana-clawd/automaton-main/automation directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 1 update in the /solana-clawd/payments/pdb directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 4 updates in the /solana-clawd/perps/twamm-master directory: [picomatch](https://github.com/micromatch/picomatch), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [joi](https://github.com/hapijs/joi).\nBumps the npm_and_yarn group with 6 updates in the /solana-clawd/programs/mpl-token-metadata-main/programs/token-metadata/js directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.1` | `4.2.6` |\n| [joi](https://github.com/hapijs/joi) | `17.7.0` | `17.13.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n\nBumps the npm_and_yarn group with 4 updates in the /ui directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest), [dompurify](https://github.com/cure53/DOMPurify) and [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser).\nBumps the npm_and_yarn group with 2 updates in the /workers/agent-wallet directory: [hono](https://github.com/honojs/hono) and [ws](https://github.com/websockets/ws).\n\nUpdates `vite` from 8.0.2 to 8.0.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.16\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.16/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.15\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.15/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.14\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.13\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.9\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.8\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ecreate-vite@8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.15...v8.0.16\"\u003e8.0.16\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e reject UNC paths for launch-editor-middleware (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22571\"\u003e#22571\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e50b9512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereject windows alternate paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22572\"\u003e#22572\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003edc245c7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.14...v8.0.15\"\u003e8.0.15\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esend 408 on request timeout (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22476\"\u003e#22476\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797\"\u003ec85c9ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate rolldown to 1.0.3 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22538\"\u003e#22538\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e646dbed\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecapitalize error messages and remove spurious space in parse error (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22488\"\u003e#22488\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e85a0eff\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22511\"\u003e#22511\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e2686d7d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e fix html-proxy cache key mismatch for /@fs/ HTML paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21762\"\u003e#21762\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e\"\u003e47c4213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e error on relative glob in virtual module when no files match (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22497\"\u003e#22497\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c\"\u003e5c8e98f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e close the rolldown bundle when write() rejects (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22528\"\u003e#22528\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003ee3cfb9d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eresolve:\u003c/strong\u003e provide onWarn for viteResolvePlugin in JS plugin containers (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22509\"\u003e#22509\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83\"\u003e40985f1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22566\"\u003e#22566\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e3052a67\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrect logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22562\"\u003e#22562\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e6978a9c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14\"\u003e8.0.14\u003c/a\u003e (2026-05-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate rolldown to 1.0.2 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22484\"\u003e#22484\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0\"\u003e96efc88\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22471\"\u003e#22471\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3\"\u003e98b8163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e handle errors when sending messages to vite server (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22450\"\u003e#22450\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217\"\u003ee8e9a34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehtml:\u003c/strong\u003e handle trailing slash paths in transformIndexHtml (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22480\"\u003e#22480\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693\"\u003e5d94d1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e pass oxc jsx options to transformSync in dependency scan                                                            (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22342\"\u003e#22342\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262\"\u003eb3132da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22470\"\u003e#22470\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f\"\u003e7cb728e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove irrelevant commits from changelog (\u003ca href=\"https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086\"\u003e2c69495\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e do not rewrite import path for absolute base (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22310\"\u003e#22310\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302\"\u003e0ae2844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f94df87ff03b40b65e29bacdc04cc18c7bccaa4a\"\u003e\u003ccode\u003ef94df87\u003c/code\u003e\u003c/a\u003e release: v8.0.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003e\u003ccode\u003edc245c7\u003c/code\u003e\u003c/a\u003e fix: reject windows alternate paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572\"\u003e#22572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e\u003ccode\u003e50b9512\u003c/code\u003e\u003c/a\u003e fix(deps): reject UNC paths for launch-editor-middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571\"\u003e#22571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8d1b0195fd186d0b3297d7cd17acff6c96797420\"\u003e\u003ccode\u003e8d1b019\u003c/code\u003e\u003c/a\u003e release: v8.0.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e\u003ccode\u003e2686d7d\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22511\"\u003e#22511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e\u003ccode\u003e3052a67\u003c/code\u003e\u003c/a\u003e chore(deps): update rolldown-related dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22566\"\u003e#22566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003e\u003ccode\u003ee3cfb9d\u003c/code\u003e\u003c/a\u003e fix(optimizer): close the rolldown bundle when write() rejects (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22528\"\u003e#22528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e\u003ccode\u003e6978a9c\u003c/code\u003e\u003c/a\u003e refactor: correct logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22562\"\u003e#22562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e\u003ccode\u003e646dbed\u003c/code\u003e\u003c/a\u003e feat: update rolldown to 1.0.3 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22538\"\u003e#22538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e\u003ccode\u003e85a0eff\u003c/code\u003e\u003c/a\u003e fix: capitalize error messages and remove spurious space in parse error (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22488\"\u003e#22488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v8.0.16/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.21 to 8.0.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.16\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.16/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.15\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.15/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.14\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.13\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.9\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.8\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ecreate-vite@8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.15...v8.0.16\"\u003e8.0.16\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e reject UNC paths for launch-editor-middleware (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22571\"\u003e#22571\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e50b9512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereject windows alternate paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22572\"\u003e#22572\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003edc245c7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.14...v8.0.15\"\u003e8.0.15\u003c/a\u003e (2026-06-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esend 408 on request timeout (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22476\"\u003e#22476\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797\"\u003ec85c9ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate rolldown to 1.0.3 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22538\"\u003e#22538\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e646dbed\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecapitalize error messages and remove spurious space in parse error (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22488\"\u003e#22488\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e85a0eff\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22511\"\u003e#22511\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e2686d7d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e fix html-proxy cache key mismatch for /@fs/ HTML paths (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21762\"\u003e#21762\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e\"\u003e47c4213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e error on relative glob in virtual module when no files match (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22497\"\u003e#22497\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c\"\u003e5c8e98f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e close the rolldown bundle when write() rejects (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22528\"\u003e#22528\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003ee3cfb9d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eresolve:\u003c/strong\u003e provide onWarn for viteResolvePlugin in JS plugin containers (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22509\"\u003e#22509\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83\"\u003e40985f1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22566\"\u003e#22566\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e3052a67\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrect logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22562\"\u003e#22562\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e6978a9c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14\"\u003e8.0.14\u003c/a\u003e (2026-05-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate rolldown to 1.0.2 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22484\"\u003e#22484\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0\"\u003e96efc88\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22471\"\u003e#22471\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3\"\u003e98b8163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edev:\u003c/strong\u003e handle errors when sending messages to vite server (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22450\"\u003e#22450\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217\"\u003ee8e9a34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ehtml:\u003c/strong\u003e handle trailing slash paths in transformIndexHtml (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22480\"\u003e#22480\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693\"\u003e5d94d1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoptimizer:\u003c/strong\u003e pass oxc jsx options to transformSync in dependency scan                                                            (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22342\"\u003e#22342\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262\"\u003eb3132da\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22470\"\u003e#22470\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f\"\u003e7cb728e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove irrelevant commits from changelog (\u003ca href=\"https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086\"\u003e2c69495\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCode Refactoring\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eglob:\u003c/strong\u003e do not rewrite import path for absolute base (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22310\"\u003e#22310\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302\"\u003e0ae2844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f94df87ff03b40b65e29bacdc04cc18c7bccaa4a\"\u003e\u003ccode\u003ef94df87\u003c/code\u003e\u003c/a\u003e release: v8.0.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546\"\u003e\u003ccode\u003edc245c7\u003c/code\u003e\u003c/a\u003e fix: reject windows alternate paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572\"\u003e#22572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9\"\u003e\u003ccode\u003e50b9512\u003c/code\u003e\u003c/a\u003e fix(deps): reject UNC paths for launch-editor-middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571\"\u003e#22571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/8d1b0195fd186d0b3297d7cd17acff6c96797420\"\u003e\u003ccode\u003e8d1b019\u003c/code\u003e\u003c/a\u003e release: v8.0.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa\"\u003e\u003ccode\u003e2686d7d\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22511\"\u003e#22511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd\"\u003e\u003ccode\u003e3052a67\u003c/code\u003e\u003c/a\u003e chore(deps): update rolldown-related dependencies (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22566\"\u003e#22566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815\"\u003e\u003ccode\u003ee3cfb9d\u003c/code\u003e\u003c/a\u003e fix(optimizer): close the rolldown bundle when write() rejects (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22528\"\u003e#22528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c\"\u003e\u003ccode\u003e6978a9c\u003c/code\u003e\u003c/a\u003e refactor: correct logic in \u003ccode\u003ecollectAllModules\u003c/code\u003e function (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22562\"\u003e#22562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575\"\u003e\u003ccode\u003e646dbed\u003c/code\u003e\u003c/a\u003e feat: update rolldown to 1.0.3 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22538\"\u003e#22538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3\"\u003e\u003ccode\u003e85a0eff\u003c/code\u003e\u003c/a\u003e fix: capitalize error messages and remove spurious space in parse error (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22488\"\u003e#22488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v8.0.16/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 2.1.9 to 4.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.8\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eDisable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v4]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10450\"\u003evitest-dev/vitest#10450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b1\"\u003e\u003c!-- raw HTML omitted --\u003e(e4067)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by \u003ca href=\"https://github.com/toxik\"\u003e\u003ccode\u003e@​toxik\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Zelys-DFKH\"\u003e\u003ccode\u003e@​Zelys-DFKH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10474\"\u003evitest-dev/vitest#10474\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/675b4343f\"\u003e\u003c!-- raw HTML omitted --\u003e(675b4)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner\u003c/strong\u003e: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10384\"\u003evitest-dev/vitest#10384\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4f0f2a1ee\"\u003e\u003c!-- raw HTML omitted --\u003e(4f0f2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10138\"\u003evitest-dev/vitest#10138\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607c\"\u003e\u003c!-- raw HTML omitted --\u003e(31882)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGlobal \u003ccode\u003esequence.concurrent: true\u003c/code\u003e with top-level \u003ccode\u003etest(..., { concurrent: false })\u003c/code\u003e + depreacte \u003ccode\u003esequential\u003c/code\u003e test API and options  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eCodex\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10196\"\u003evitest-dev/vitest#10196\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2847dfa2a\"\u003e\u003c!-- raw HTML omitted --\u003e(2847d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Simplify orchestrator otel carrier  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10285\"\u003evitest-dev/vitest#10285\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee\"\u003e\u003c!-- raw HTML omitted --\u003e(18af9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🏎 Performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStringify diff objects only once  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10276\"\u003evitest-dev/vitest#10276\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9f7b1528c\"\u003e\u003c!-- raw HTML omitted --\u003e(9f7b1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Experimental Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Istanbul to support \u003ccode\u003einstrumenter\u003c/code\u003e option  -  by \u003ca href=\"https://github.com/BartWaardenburg\"\u003e\u003ccode\u003e@​BartWaardenburg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10119\"\u003evitest-dev/vitest#10119\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/0e0ff41c7\"\u003e\u003c!-- raw HTML omitted --\u003e(0e0ff)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e--project negation excludes browser instances  -  by \u003ca href=\"https://github.com/felamaslen\"\u003e\u003ccode\u003e@​felamaslen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10131\"\u003evitest-dev/vitest#10131\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9423dc084\"\u003e\u003c!-- raw HTML omitted --\u003e(9423d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProject color label on html reporter  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10142\"\u003evitest-dev/vitest#10142\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/596f73986\"\u003e\u003c!-- raw HTML omitted --\u003e(596f7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003evi.defineHelper\u003c/code\u003e called as object method  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10163\"\u003evitest-dev/vitest#10163\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/122c25b5b\"\u003e\u003c!-- raw HTML omitted --\u003e(122c2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlias \u003ccode\u003eagent\u003c/code\u003e reporter to \u003ccode\u003eminimal\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10157\"\u003evitest-dev/vitest#10157\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/663b99fe3\"\u003e\u003c!-- raw HTML omitted --\u003e(663b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedad\"\u003e\u003c!-- raw HTML omitted --\u003e(9787d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions \u0026quot;  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd\"\u003e\u003c!-- raw HTML omitted --\u003e(7dc6d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003east-collect\u003c/strong\u003e: Recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery  -  by \u003ca href=\"https://github.com/Yejneshwar\"\u003e\u003ccode\u003e@​Yejneshwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10129\"\u003evitest-dev/vitest#10129\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab2\"\u003e\u003c!-- raw HTML omitted --\u003e(32546)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Descriptive error message when reports directory is removed during test run  -  by \u003ca href=\"https://github.com/DaveT1991\"\u003e\u003ccode\u003e@​DaveT1991\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10117\"\u003evitest-dev/vitest#10117\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1413382e1\"\u003e\u003c!-- raw HTML omitted --\u003e(14133)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esnapshot\u003c/strong\u003e: Increase default snapshot max output length  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10150\"\u003evitest-dev/vitest#10150\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/21e66ff63\"\u003e\u003c!-- raw HTML omitted --\u003e(21e66)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eui\u003c/strong\u003e: Fix jsx/tsx syntax highlight  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10152\"\u003evitest-dev/vitest#10152\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f1b1f6c7b\"\u003e\u003c!-- raw HTML omitted --\u003e(f1b1f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-worker\u003c/strong\u003e: Support MessagePort objects referenced inside postMessage data  -  by \u003ca href=\"https://github.com/whitphx\"\u003e\u003ccode\u003e@​whitphx\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6 (1M context)\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9927\"\u003evitest-dev/vitest#9927\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10124\"\u003evitest-dev/vitest#10124\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7ad7d39af\"\u003e\u003c!-- raw HTML omitted --\u003e(7ad7d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Make test-specification options writable  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10154\"\u003evitest-dev/vitest#10154\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6abd557b7\"\u003e\u003c!-- raw HTML omitted --\u003e(6abd5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.4...v4.1.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f\"\u003e\u003ccode\u003ee61f2dd\u003c/code\u003e\u003c/a\u003e chore: release v4.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9\"\u003e\u003ccode\u003ee4067b3\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4\"\u003e\u003ccode\u003ea09d472\u003c/code\u003e\u003c/a\u003e chore: release v4.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1\"\u003e\u003ccode\u003ea8fd24c\u003c/code\u003e\u003c/a\u003e chore: release v4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06\"\u003e\u003ccode\u003e18af98c\u003c/code\u003e\u003c/a\u003e fix(browser): simplify orchestrator otel carrier (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285\"\u003e#10285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857\"\u003e\u003ccode\u003e3188260\u003c/code\u003e\u003c/a\u003e feat(browser): provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e399846850fedf10b8228cbe46a419628998acd9\"\u003e\u003ccode\u003ee399846\u003c/code\u003e\u003c/a\u003e chore: release v4.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd9dda0fe6fee2fb6451d0611a9ecb6e7\"\u003e\u003ccode\u003e7dc6d54\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedade9896a6d3eeed7739177d6c583a68a7\"\u003e\u003ccode\u003e9787ded\u003c/code\u003e\u003c/a\u003e fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab292c45c3ef27aa21ec7da380c307052c\"\u003e\u003ccode\u003e325463a\u003c/code\u003e\u003c/a\u003e fix(ast-collect): recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.18 to 4.12.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(route): preserve the base path of the mounted route() app by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4942\"\u003ehonojs/hono#4942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jsx): widen jsx and jsxFn children to Child[] by \u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ashunar0\"\u003e\u003ccode\u003e@​ashunar0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4947\"\u003ehonojs/hono#4947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.19...v4.12.20\"\u003ehttps://github.com/honojs/hono/compare/v4.12.19...v4.12.20\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.19\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: pin GitHub Actions to SHAs by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4932\"\u003ehonojs/hono#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(serveStatic): make options parameter optional in all adapters by \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4934\"\u003ehonojs/hono#4934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cookie): return the first cookie when there are multiple cookies with the same name by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4922\"\u003ehonojs/hono#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bearer-auth): make bearerAuth generic for typed context in verifyToken by \u003ca href=\"https://github.com/justinnais\"\u003e\u003ccode\u003e@​justinnais\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4913\"\u003ehonojs/hono#4913\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): key cache entries by configured vary headers by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4915\"\u003ehonojs/hono#4915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(request): add \u003ccode\u003ebytes()\u003c/code\u003e by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4921\"\u003ehonojs/hono#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stream): upgrade \u003ccode\u003e@hono/node-server\u003c/code\u003e to v2 and fix abort handling by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4940\"\u003ehonojs/hono#4940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinnais\"\u003e\u003ccode\u003e@​justinnais\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4913\"\u003ehonojs/hono#4913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.18...v4.12.19\"\u003ehttps://github.com/honojs/hono/compare/v4.12.18...v4.12.19\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a83ddb882e0c0b8c336050dba087bb2e1b12488e\"\u003e\u003ccode\u003ea83ddb8\u003c/code\u003e\u003c/a\u003e 4.12.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1\"\u003e\u003ccode\u003e6cbb025\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c831020fb1fa2e929d222f6c84e1abfe013e512b\"\u003e\u003ccode\u003ec831020\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d\"\u003e\u003ccode\u003e905aedb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/5463db2735476959b8af67756f4e513f4fe19115\"\u003e\u003ccode\u003e5463db2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c657a39ccc8d3194d345d9e82c8587bd25b5b6e8\"\u003e\u003ccode\u003ec657a39\u003c/code\u003e\u003c/a\u003e 4.12.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/eb2d0c238adbcee5933d0f8c15f1a65a88f50565\"\u003e\u003ccode\u003eeb2d0c2\u003c/code\u003e\u003c/a\u003e fix(jsx): widen jsx and jsxFn children to Child[] (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/dcabbece347817ef7193439c39d28546b8ac3a85\"\u003e\u003ccode\u003edcabbec\u003c/code\u003e\u003c/a\u003e fix(route): preserve the base path of the mounted route() app (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e62bcd22fa4e8f0e83cb564bac85e32f5434dd3\"\u003e\u003ccode\u003e7e62bcd\u003c/code\u003e\u003c/a\u003e 4.12.19\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/e2f252a8745eb25f06485b8d43e8410bf027c8ef\"\u003e\u003ccode\u003ee2f252a\u003c/code\u003e\u003c/a\u003e fix(stream): upgrade \u003ccode\u003e@hono/node-server\u003c/code\u003e to v2 and fix abort handling (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4940\"\u003e#4940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.18...v4.12.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 2.1.9 to 4.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.8\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eDisable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [backport to v4]  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10450\"\u003evitest-dev/vitest#10450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b1\"\u003e\u003c!-- raw HTML omitted --\u003e(e4067)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by \u003ca href=\"https://github.com/toxik\"\u003e\u003ccode\u003e@​toxik\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Zelys-DFKH\"\u003e\u003ccode\u003e@​Zelys-DFKH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10474\"\u003evitest-dev/vitest#10474\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/675b4343f\"\u003e\u003c!-- raw HTML omitted --\u003e(675b4)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner\u003c/strong\u003e: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10384\"\u003evitest-dev/vitest#10384\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4f0f2a1ee\"\u003e\u003c!-- raw HTML omitted --\u003e(4f0f2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10138\"\u003evitest-dev/vitest#10138\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607c\"\u003e\u003c!-- raw HTML omitted --\u003e(31882)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGlobal \u003ccode\u003esequence.concurrent: true\u003c/code\u003e with top-level \u003ccode\u003etest(..., { concurrent: false })\u003c/code\u003e + depreacte \u003ccode\u003esequential\u003c/code\u003e test API and options  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eCodex\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10196\"\u003evitest-dev/vitest#10196\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2847dfa2a\"\u003e\u003c!-- raw HTML omitted --\u003e(2847d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e: Simplify orchestrator otel carrier  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10285\"\u003evitest-dev/vitest#10285\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee\"\u003e\u003c!-- raw HTML omitted --\u003e(18af9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🏎 Performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStringify diff objects only once  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10276\"\u003evitest-dev/vitest#10276\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9f7b1528c\"\u003e\u003c!-- raw HTML omitted --\u003e(9f7b1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003ch3\u003e   🚀 Experimental Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Istanbul to support \u003ccode\u003einstrumenter\u003c/code\u003e option  -  by \u003ca href=\"https://github.com/BartWaardenburg\"\u003e\u003ccode\u003e@​BartWaardenburg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10119\"\u003evitest-dev/vitest#10119\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/0e0ff41c7\"\u003e\u003c!-- raw HTML omitted --\u003e(0e0ff)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e--project negation excludes browser instances  -  by \u003ca href=\"https://github.com/felamaslen\"\u003e\u003ccode\u003e@​felamaslen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10131\"\u003evitest-dev/vitest#10131\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9423dc084\"\u003e\u003c!-- raw HTML omitted --\u003e(9423d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProject color label on html reporter  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10142\"\u003evitest-dev/vitest#10142\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/596f73986\"\u003e\u003c!-- raw HTML omitted --\u003e(596f7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003evi.defineHelper\u003c/code\u003e called as object method  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10163\"\u003evitest-dev/vitest#10163\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/122c25b5b\"\u003e\u003c!-- raw HTML omitted --\u003e(122c2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlias \u003ccode\u003eagent\u003c/code\u003e reporter to \u003ccode\u003eminimal\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10157\"\u003evitest-dev/vitest#10157\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/663b99fe3\"\u003e\u003c!-- raw HTML omitted --\u003e(663b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedad\"\u003e\u003c!-- raw HTML omitted --\u003e(9787d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect diff config options in soft assertions \u0026quot;  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8696\"\u003evitest-dev/vitest#8696\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd\"\u003e\u003c!-- raw HTML omitted --\u003e(7dc6d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003east-collect\u003c/strong\u003e: Recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery  -  by \u003ca href=\"https://github.com/Yejneshwar\"\u003e\u003ccode\u003e@​Yejneshwar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10129\"\u003evitest-dev/vitest#10129\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab2\"\u003e\u003c!-- raw HTML omitted --\u003e(32546)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e: Descriptive error message when reports directory is removed during test run  -  by \u003ca href=\"https://github.com/DaveT1991\"\u003e\u003ccode\u003e@​DaveT1991\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10117\"\u003evitest-dev/vitest#10117\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1413382e1\"\u003e\u003c!-- raw HTML omitted --\u003e(14133)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esnapshot\u003c/strong\u003e: Increase default snapshot max output length  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eCodex\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10150\"\u003evitest-dev/vitest#10150\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/21e66ff63\"\u003e\u003c!-- raw HTML omitted --\u003e(21e66)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eui\u003c/strong\u003e: Fix jsx/tsx syntax highlight  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10152\"\u003evitest-dev/vitest#10152\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f1b1f6c7b\"\u003e\u003c!-- raw HTML omitted --\u003e(f1b1f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-worker\u003c/strong\u003e: Support MessagePort objects referenced inside postMessage data  -  by \u003ca href=\"https://github.com/whitphx\"\u003e\u003ccode\u003e@​whitphx\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6 (1M context)\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9927\"\u003evitest-dev/vitest#9927\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10124\"\u003evitest-dev/vitest#10124\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7ad7d39af\"\u003e\u003c!-- raw HTML omitted --\u003e(7ad7d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e: Make test-specification options writable  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/10154\"\u003evitest-dev/vitest#10154\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6abd557b7\"\u003e\u003c!-- raw HTML omitted --\u003e(6abd5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/vitest-dev/vitest/compare/v4.1.4...v4.1.5\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f\"\u003e\u003ccode\u003ee61f2dd\u003c/code\u003e\u003c/a\u003e chore: release v4.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9\"\u003e\u003ccode\u003ee4067b3\u003c/code\u003e\u003c/a\u003e fix(browser): disable client \u003ccode\u003ecdp\u003c/code\u003e API when \u003ccode\u003eallowWrite/allowExec: false\u003c/code\u003e [ba...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4\"\u003e\u003ccode\u003ea09d472\u003c/code\u003e\u003c/a\u003e chore: release v4.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1\"\u003e\u003ccode\u003ea8fd24c\u003c/code\u003e\u003c/a\u003e chore: release v4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06\"\u003e\u003ccode\u003e18af98c\u003c/code\u003e\u003c/a\u003e fix(browser): simplify orchestrator otel carrier (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285\"\u003e#10285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857\"\u003e\u003ccode\u003e3188260\u003c/code\u003e\u003c/a\u003e feat(browser): provide project reference in \u003ccode\u003eToMatchScreenshotResolvePath\u003c/code\u003e (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/e399846850fedf10b8228cbe46a419628998acd9\"\u003e\u003ccode\u003ee399846\u003c/code\u003e\u003c/a\u003e chore: release v4.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/7dc6d54fd9dda0fe6fee2fb6451d0611a9ecb6e7\"\u003e\u003ccode\u003e7dc6d54\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/9787dedade9896a6d3eeed7739177d6c583a68a7\"\u003e\u003ccode\u003e9787ded\u003c/code\u003e\u003c/a\u003e fix: respect diff config options in soft assertions (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696\"\u003e#8696\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/325463ab292c45c3ef27aa21ec7da380c307052c\"\u003e\u003ccode\u003e325463a\u003c/code\u003e\u003c/a\u003e fix(ast-collect): recognize _\u003cem\u003evi_import\u003c/em\u003e prefix in static test discovery (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vitest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.28.0 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.\u003c/p\u003e\n\u003cp\u003eNote that esbuild's Deno API installs from \u003ccode\u003eregistry.npmjs.org\u003c/code\u003e by default, but allows the \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e environment variable to override this with a custom package registry. This change means that the esbuild executable served by \u003ccode\u003eNPM_CONFIG_REGISTRY\u003c/code\u003e must now match the expected content.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sondt99\"\u003e\u003ccode\u003e@​sondt99\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid inlining \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4482\"\u003e#4482\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild's minifier sometimes incorrectly inlined \u003ccode\u003eusing\u003c/code\u003e and \u003ccode\u003eawait using\u003c/code\u003e declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for \u003ccode\u003elet\u003c/code\u003e and \u003ccode\u003econst\u003c/code\u003e declarations by avoiding doing it for \u003ccode\u003evar\u003c/code\u003e declarations, which no longer worked when more declaration types were added. Here's an example:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\n{\r\n  using x = new Resource()\r\n  x.activate()\r\n}\r\n\u003cp\u003e// Old output (with --minify)\u003cbr /\u003e\nnew Resource().activate();\u003c/p\u003e\n\u003cp\u003e// New output (with --minify)\u003cbr /\u003e\n{using e=new Resource;e.activate()}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix module evaluation when an error is thrown (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4461\"\u003e#4461\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e is used to import a module multiple times. The thrown error is supposed to be thrown by every call to \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e, not just the first. With this release, esbuild will now throw the same error every time you call \u003ccode\u003eimport()\u003c/code\u003e or \u003ccode\u003erequire()\u003c/code\u003e on a module that throws during its evaluation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix some edge cases around the \u003ccode\u003enew\u003c/code\u003e operator (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4477\"\u003e#4477\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePreviously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a \u003ccode\u003enew\u003c/code\u003e expression (specifically an optional chain and/or a tagged template literal). The generated code for the \u003ccode\u003enew\u003c/code\u003e target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the \u003ccode\u003enew\u003c/code\u003e target in parentheses. Here is an example of some affected code:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// Original code\r\nnew (foo()`bar`)()\r\nnew (foo()?.bar)()\r\n\u003cp\u003e// Old output\u003cbr /\u003e\nnew foo()\u003ccode\u003ebar\u003c/code\u003e();\u003cbr /\u003e\nnew (foo())?.bar();\u003c/p\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.28.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisallow \u003ccode\u003e\\\u003c/code\u003e in local development server HTTP requests (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr\"\u003eGHSA-g7r4-m6w7-qqqr\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \u003ccode\u003e\\\u003c/code\u003e backslash character. It happened due to the use of Go's \u003ccode\u003epath.Clean()\u003c/code\u003e function, which only handles Unix-style \u003ccode\u003e/\u003c/code\u003e characters. HTTP requests with paths containing \u003ccode\u003e\\\u003c/code\u003e are no longer allowed.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/dellalibera\"\u003e\u003ccode\u003e@​dellalibera\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd integrity checks to the Deno API (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr\"\u003eGHSA-gv7w-rqvm-qjhr\u003c/a\u003e)\u003c/p\u003e\n...\n\n_Description has been truncated_","html_url":"https://github.com/Solizardking/solana-os-go/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solizardking%2Fsolana-os-go/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"17.9.2","new_version":"17.13.4","update_type":"minor","path":null,"pr_created_at":"2026-06-12T20:51:36.000Z","version_change":"17.9.2 → 17.13.4","issue":{"uuid":"4652530410","node_id":"PR_kwDOB9qKT87l7Foe","number":692,"state":"open","title":"build(deps): bump joi from 17.9.2 to 17.13.4","user":"dependabot[bot]","labels":[":ok_hand: code/needs-review",":ok_hand: code/review-requested",":vertical_traffic_light: automerge",":green_heart: checks/passed","dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T20:51:36.000Z","updated_at":"2026-06-12T20:52:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"joi","old_version":"17.9.2","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.9.2 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3cb73d6cded39fa49a46069b64d638a0ba0f7d14\"\u003e\u003ccode\u003e3cb73d6\u003c/code\u003e\u003c/a\u003e 17.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/1653c478486227728942ebd8544bb068448cb814\"\u003e\u003ccode\u003e1653c47\u003c/code\u003e\u003c/a\u003e fix: correct function type in alternatives error (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/7373136d149be0cc727096325f22f748d22aef46\"\u003e\u003ccode\u003e7373136\u003c/code\u003e\u003c/a\u003e 17.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/add65979a3d2f93a08e60824ed1a02e56536fa69\"\u003e\u003ccode\u003eadd6597\u003c/code\u003e\u003c/a\u003e \u003ccode\u003estrictUnknown\u003c/code\u003e should honor local explicit \u003ccode\u003e.unknown(false)\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/0066a4ef16706b722b81818a8608aea1129f4cc7\"\u003e\u003ccode\u003e0066a4e\u003c/code\u003e\u003c/a\u003e 17.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/2d260302e75ed50e1f2658887dcd11fcc5b5e05c\"\u003e\u003ccode\u003e2d26030\u003c/code\u003e\u003c/a\u003e fix: label false should also hide explicit labels (\u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/f02df4c011253d3573be19261a45c6765157d054\"\u003e\u003ccode\u003ef02df4c\u003c/code\u003e\u003c/a\u003e 17.13.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.9.2...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.9.2\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/christophehurpeau/alp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/christophehurpeau/alp/pull/692","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/christophehurpeau%2Falp/issues/692","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/692/packages"}},{"old_version":"17.13.3","new_version":"17.13.4","update_type":"patch","path":null,"pr_created_at":"2026-06-12T20:21:36.000Z","version_change":"17.13.3 → 17.13.4","issue":{"uuid":"4652347333","node_id":"PR_kwDOAnAy8s7l6fIX","number":510,"state":"closed","title":"chore(deps): bump joi from 17.13.3 to 17.13.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T20:38:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-12T20:21:36.000Z","updated_at":"2026-06-12T20:38:25.000Z","time_to_close":1007,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"joi","old_version":"17.13.3","new_version":"17.13.4","repository_url":"https://github.com/hapijs/joi"}],"path":null,"ecosystem":"npm"},"body":"Bumps [joi](https://github.com/hapijs/joi) from 17.13.3 to 17.13.4.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/3d3ab76fad0170e97bdd72e96be7ce32330cde8f\"\u003e\u003ccode\u003e3d3ab76\u003c/code\u003e\u003c/a\u003e 17.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/4bcdf3602279c705a5d9944d29f897c8dda740ef\"\u003e\u003ccode\u003e4bcdf36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3123\"\u003e#3123\u003c/a\u003e from hapijs/chore/backport-3113\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74\"\u003e\u003ccode\u003e97bd51d\u003c/code\u003e\u003c/a\u003e chore: backport \u003ca href=\"https://redirect.github.com/hapijs/joi/issues/3113\"\u003e#3113\u003c/a\u003e to v17\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hapijs/joi/compare/v17.13.3...v17.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joi\u0026package-manager=npm_and_yarn\u0026previous-version=17.13.3\u0026new-version=17.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gre/gl-react/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gre/gl-react/pull/510","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gre%2Fgl-react/issues/510","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/510/packages"}}]}